cybersecurity

My Summer Defending the Digital Universe

In RSA’s quest to build out a deeper pool of future Defenders of the Digital Universe, I had the pleasure of having Meghan O’Connor as a summer intern on my team. During her exit interview I asked her what she didn’t realize about cybersecurity and fraud prevention prior to her internship and what advice she…

8 Authentication Pitfalls That Can Put You on the Road to Nowhere

Two-factor, multi-factor, mobile, push, tokenless, biometric: you have choices today when it comes to authentication solutions. Choose the right authentication solution, and you’ve got a straight shot to access that’s secure and convenient for users. Choose the wrong one, and you risk getting on a path that’s at best bumpy and at worst downright dangerous.…

NIST Cybersecurity Framework (CSF) Spring 2017 Workshop Findings

To shape their Cybersecurity Framework (CSF), NIST convenes a series of workshops open to any industry practitioners, vendors, or academics who wish to attend. I recently returned from the 2017 NIST CSF Workshop at their headquarters in Gaithersburg, MD. For those who are interested in the NIST CSF but were unable to attend, I will quickly run…

Your Cell Phone has a dirty little secret it does not want to tell you

If you are a fan of the CBS show 60 Minutes, you may have seen a couple of well-done episodes around the espionage and intrigue of spies hacking cell phones. The problem is that these episodes don’t go far enough informing the average user as to the extent of the vulnerabilities. Inter-telco communications leverages a protocol…

Chasing the Rabbit: Cybersecurity Through the Camera Lens

Azeem Aleem and Dave Gray. “Nothing will work if you are not serious about it” – Sam Abell. This blog is intended to take a different perspective (pun intended) of how we view our security platforms and how to go about rationalizing our Business-Driven Security™ decisions about cyber threats and mitigation strategies. It all comes…

Is the cyberworld doomed to be unsafe forever?

Before seeking an answer, let’s question the question. I recently returned to the cybersecurity industry and (re)joined the good fight to secure the cyberworld. As the digital era unfolds, it feels good to be part of this mission-driven industry to help create a safe digital future. While a lot has changed, and there have been great…

Business-Driven Security™ to Lead through Chaos

My last post discussed the changing nature of security. The impact of today’s cyberattacks isn’t limited to stealing financial information or personal data. Instead, these attacks seed chaos. With this reality at hand, the need for business-driven security is even more pronounced. Security professionals must draw connections between the technical details of a security incident…

The Forum at RSA Conference

This year’s RSA Conference continues the long string of high-powered speakers from both the private and the public sector. While there are great keynotes and more than 500 track sessions, we discovered we needed more! Five years ago, many senior government officials were looking for a platform from which they could communicate what they…

Defining Business-Driven Security™ for the Modern Enterprise

As I travel around the world and meet with CISOs and security teams, I continue to be amazed at the organizational disconnects around managing cyber risk. Security Operations and Identity & Access Management teams operate their own business processes with very few connection points. Security and Risk & Compliance teams have different world views of…

Are Software Supply Chain Attacks the New Norm?

How many of us stop to think about updating software we use every day? Do you think “maybe I should check for threats on this before I install it?” Or do you wait for it to automatically update? For many of us, we don’t consider the security of the everyday software we use. This is…