2013 Security Resolutions

Now that the Mayan calendar gives us until October 13, 4772, we have some time to focus on 2013 in earnest. As I was thinking of my resolutions for 2013, I thought I’d compile some of the things that I predict will be on the resolution list for many organizations in the New Year.

Answering Questions About the CISSP Certification

I just finished teaching RSA’s CISSP exam prep course last week (good times) and I was asked some questions that I felt were appropriate to answer in a blog post because they might be of interest to a wider audience. So here goes… #1 Is CISSP still a worthy credential to obtain? This is a…

The Ultimate Defense Against Advanced Persistent Threats

Sorry about that, I knew the title would pull you in…but what I have to say will, in the end, support the headline. The reason for the showmanship is that if the title had been “End User Training and Awareness is Important” or “Training End Users Will Help Your Bottom Line” you may not have [...]

How to Best Equip Your Security Program

We have seen action movies where the protagonist, stripped of his weapon, manages to find some everyday item like a stick or pen and disarm several baddies, rescue the hostages, and disable the imminent threat to mankind. We accept this premise because it happens every day; ingenuity, experience, and persistence often overcome the lack of a specific tool. We, as 21st-century professionals, leverage these skills and the resources at hand to overcome the daily crises and defeat evil (or save a file that has accidentally been deleted). Cue the heroic background music…