I recently posted the below on the SANS Internet Storm Center. During Cyber Security Awareness Month (CSAM), we develop campaigns for our coworkers that attempt to encourage them to stop clicking on links and reusing their passwords. These are good reminders for us as information security professionals even though we focus on these topics during the other 11 months […]
CIS Critical Security Controls – Version 6.0
I recently posted the below on the SANS Internet Storm Center. Right in the middle of Cyber Security Awareness Month (CSAM), the Center for Internet Security (CIS) released Version 6.0 of the CIS Critical Security Controls for Effective Cyber Defense. This update incorporates significant changes that represent the latest technologies and threats faced by information security professionals. The most notable changes to the CIS Critical Security Controls are listed below and discussed at length […]
Trust But Verify
Trust But Verify Be intentional about how you spend your time. I believe that every person can incrementally improve their security program by being intentional about how they spend their time. One method is to check several items for compliance every month intentionally. While not intended to replace the value of an auditor, this approach […]
Leave Things Better Than When You Found Them
I recently posted the below on the SANS Internet Storm Center site. Whether at the end of a project or at the end of your time with an organization, there are some low impact and high reward actions you can take to ensure that you leave things better than when you found them. Although it is […]
Repost – Stop Admiring The Problem. Start Addressing The Problem.
I recently published the below post on the SANS Internet Storm Center site.How much energy do you spending admiring your problems? It does not matter what the problem is – asset inventory, vulnerability management or security awareness. You do have problems. What are you doing to make your current problem less of a problem? Set your problems aside […]
Do you remember your “first love”?
I recently published the below post on the SANS Internet Storm Center site. I will never forget the name of my first server – Rachel. I was very proud to be the person whose job it was to defend Rachel from all types of disruption. To this day I still remember each IP address, user account, […]