I recently posted the below on the SANS Internet Storm Center. We are all privileged to work in the field of information security. We also carry the responsibility to keep current in our chosen profession. Regularly I hear from fellow colleagues who want to learn something, but do not have a training budget, feel powerless and sometimes give up. I would like to share several […]
What’s On Your Not To Do List?
I recently posted the below on the SANS Internet Storm Center. In our craft, there are more than ample opportunities to occupy our time. There are so many things you CAN do. How can you ensure focus on the things that actually make the biggest impact? I suggest that often times you take on more work than what you are able to complete. […]
Unauthorized Change Detected!
I recently posted the below on the SANS Internet Storm Center. How do you detect what has changed in your environment? Is it possible to think beyond the alerts you get from your tools and consider what changes that you absolutely need to know about when they occur? When systems in your environment move from “normal” to “abnormal”, would you […]
It Is Our Policy
I recently posted the below on the SANS Internet Storm Center. How many times have you heard someone say out loud our “our security policy requires…”? Many times we hear and are sometimes even threatened with “the security policy”. Security policy should set behavioral expectations and be the basis for every technical, administrative and physical control that is implemented. […]
Your Security Policy Is So Lame
I recently posted the below on the SANS Internet Storm Center. Every person should avoid lame security policies because of the lack of clarity they leave behind. Often times we find ourselves forced into creating security policies due to compliance requirements. Is there a way to lean into this requirement and get value beyond the checkbox? I certainly […]
Have you seen my personal information? It has been lost. Again.
I recently posted the below on the SANS Internet Storm Center. Remember when milk cartons had pictures of lost children on them? I think of those cartons every time I get a notice that my personal information “may have been impacted” as a result of a data breach. As you might imagine, I recently received […]