I recently posted the below on the SANS Internet Storm Center. No need to do anything to make your auditor happy than to purchase the most popular scanning tool No need to worry, when the scan is over and the report has been produced – you are all done No need to ever leave your cube and speak […]
CIS Critical Security Controls – Version 6.0
I recently posted the below on the SANS Internet Storm Center. Right in the middle of Cyber Security Awareness Month (CSAM), the Center for Internet Security (CIS) released Version 6.0 of the CIS Critical Security Controls for Effective Cyber Defense. This update incorporates significant changes that represent the latest technologies and threats faced by information security professionals. The most notable changes to the CIS Critical Security Controls are listed below and discussed at length […]
Your Security Policy Is So Lame
I recently posted the below on the SANS Internet Storm Center. Every person should avoid lame security policies because of the lack of clarity they leave behind. Often times we find ourselves forced into creating security policies due to compliance requirements. Is there a way to lean into this requirement and get value beyond the checkbox? I certainly […]
Trust But Verify
Trust But Verify Be intentional about how you spend your time. I believe that every person can incrementally improve their security program by being intentional about how they spend their time. One method is to check several items for compliance every month intentionally. While not intended to replace the value of an auditor, this approach […]
Cloud Computing Atlanta
I am looking forward to speaking at the Cloud Computing Atlanta event on Tuesday November 12. This meeting will be held at the Advanced Technology Development Center (ATDC) at Georgia Tech and is open to the public. I will be speaking about the 20 Critical Security Controls and how it can be applied in a cloud hosting […]
Security BSides DC
I am thrilled to be a speaker at the upcoming Security BSides DC. The lineup for this 2 day event is outstanding. I look forward to speaking on the 20 Security Controls and specifically how they can be used to improve the security of your network.