Building a Security-Based Culture

This course will teach you how to leverage organizational change principles to develop, maintain, and measure a security-driven culture. Through hands-on instruction and a series of interactive labs and exercises, you will apply the concepts of organizational change to various security initiatives and quickly learn how to embed security into your organization’s culture. Learn about […]

What Systems Keep You Effective?

I recently posted the below on the SANS Internet Storm Center. Previously I discussed What’s On Your Not To Do List as a means to remain focused on priorities. I never fear running out of work in cybersecurity. Instead, I worry that our focus does not always stay on the most critical issues. Today I want to highlight several techniques I […]

What is the State of Your Union?

Regularly the President of the United States delivers the State of the Union address. This practice “fulfills rules in Article II, Section 3 of the U.S. Constitution, requiring the President to periodically give Congress information on the “state of the union” and recommend any measures that he believes are necessary and expedient.”. What if you […]

KNOW before NO

I recently posted the below on the SANS Internet Storm Center. A good friend told me that an engaged information security professional is one who leads with the KNOW instead of the NO. This comment struck me and has resonated well for the last several years. It has encouraged me to better understand the desires of the business […]

Distraction as a Service

I recently posted the below on the SANS Internet Storm Center. Have you noticed that some security projects never seem to get finished? Despite the best of intentions, often times they linger, sometimes for years. I believe that distractions play a role in security projects being delayed and ultimately never being completed. If not monitored closely, nothing will […]

Applied Lessons Learned

I recently posted the below on the SANS Internet Storm Center. What were those tough lessons learned that you will never forget and more importantly vowed to never repeat again? Especially those of you who have been in information security for many years and perhaps a member of several different teams. Consider yourself encouraged to remember those “from […]