Regularly the President of the United States delivers the State of the Union address. This practice “fulfills rules in Article II, Section 3 of the U.S. Constitution, requiring the President to periodically give Congress information on the ‘state of the union’ and recommend any measures that he believes are necessary and expedient.” What if you […]
What Can You Learn On Your Own?
I recently posted the below on the SANS Internet Storm Center. We are all privileged to work in the field of information security. We also carry the responsibility to keep current in our chosen profession. Regularly I hear from fellow colleagues who want to learn something, but do not have a training budget, feel powerless and sometimes give up. I would like to share several […]
KNOW before NO
A good friend told me an engaged information security professional leads with the KNOW instead of the NO. This comment struck me and has resonated well for the last several years. It has encouraged me to better understand the desires of the business areas in an attempt to avoid the perception of […]
Distraction as a Service
I recently posted the below on the SANS Internet Storm Center. Have you noticed that some security projects never seem to get finished? Despite the best of intentions, oftentimes they linger, sometimes for years. I believe that distractions play a role in security projects being delayed and ultimately never being completed. If not monitored closely, nothing will […]
An Approach to Vulnerability Management
I recently posted the below on the SANS Internet Storm Center. No need to do anything to make your auditor happy other than to purchase the most popular scanning tool. No need to worry, when the scan is over and the report has been produced – you are all done. No need to ever leave your cube and speak […]
Applied Lessons Learned
What were the harsh and hopefully applied lessons learned that you would never forget and, more importantly, vowed never to repeat? Especially those of you who have been in information security for many years and perhaps a member of several different teams. Consider yourself encouraged to remember those “from now on I […]