Applied Lessons Learned

I recently posted the below on the SANS Internet Storm Center. What were those tough lessons learned that you will never forget and more importantly vowed to never repeat again? Especially those of you who have been in information security for many years and perhaps a member of several different teams. Consider yourself encouraged to remember those “from […]

Security Awareness for Security Professionals

I recently posted the below on the SANS Internet Storm Center. During Cyber Security Awareness Month (CSAM), we develop campaigns for our coworkers that attempt to encourage them to stop clicking on links and  reusing their passwords. These are good reminders for us as information security professionals even though we focus on these topics during the other 11 months […]

CIS Critical Security Controls – Version 6.0

I recently posted the below on the SANS Internet Storm Center. Right in the middle of Cyber Security Awareness Month (CSAM), the Center for Internet Security (CIS) released Version 6.0 of the CIS Critical Security Controls for Effective Cyber Defense. This update incorporates significant changes that represent the latest technologies and threats faced by information security professionals. The most notable changes to the CIS Critical Security Controls are listed below and discussed at length […]

Trust But Verify

I recently posted the below on the SANS Internet Storm Center. Be intentional about how you spend your time. I believe that every person can incrementally improve their security program by being intentional about how they spend their time. One method is to be intentional about checking several items for compliance each and every month. While not intended to replace the value of an auditor, this […]

Leave Things Better Than When You Found Them

I recently posted the below on the SANS Internet Storm Center site. Whether at the end of a project or at the end of your time with an organization, there are some low impact and high reward actions you can take to ensure that you leave things better than when you found them. Although it is […]

Repost – Stop Admiring The Problem. Start Addressing The Problem.

I recently published the below post on the SANS Internet Storm Center site.How much energy do you spending admiring your problems? It does not matter what the problem is – asset inventory, vulnerability management or security awareness. You do have problems. What are you doing to make your current problem less of a problem? Set your problems aside […]