Enterprise Security

“Up Your Game” to Close the Security Skills Gap

Ask any CISO to name the top challenges of the job, and their first response is likely to be the security “skills gap” – the inability to find enough skilled people to handle an organization’s security needs. With over 200,000 security jobs unfilled in the U.S. alone, organizations, especially security operations centers (SOCs), are continuously…

Where Is My Cybersecurity Rosetta Stone?

This week’s theme for National Cyber Security Awareness Month is “Cyber from the Break Room to the Board Room.” Communication, like anything else worth getting better at, takes practice. Sometimes it takes planning to know what we want to say and how we want to say it. We also need to anticipate who our audience is…

Great Things Come in 3s – EMC (RSA) Positioned in Leader’s Quadrant in Three Gartner Magic Quadrants

We have all heard the adage that great things come in threes. Stooges. Pigs. Blind Mice. The list goes on and on. I have am very pleased to announce another thrilling combination of three – Gartner Magic Quadrants. EMC (RSA) has been positioned in the leader’s quadrant in three Gartner Magic Quadrants: Operational Risk Management,…

Cyber Risk Appetite: Defining and Understanding Risk in the Modern Enterprise

In April, I wrote two blogs (How Hungry… and Appetite and Exercise) on the concept of risk appetite. I highlighted the fact that organizations must take on risk to drive growth within the business. That risk must be balanced with activities to manage the risk within a tolerance that is acceptable to the organization. Some…

CEO Fraud: The New $2 Billion Phishing Scam

Like most employees, you don’t think twice before opening an email from your CEO. Given the latest email scam making the rounds in the workplace, maybe you should.  Statistics show that the spear phishing scam known as “CEO Fraud” has already racked up more than $2 billion in losses and victimized 12,000 individuals globally. Losses…

Appetite and Exercise

In my last blog post, I posed the concept of Cyber Risk Appetite as something that all organizations need to consider today.  I used the analogy of a balanced diet of risk – taking some risks to keep the business growing while avoiding so much risk that the business becomes bloated.   The objective is to…

Reversing the Drift into Failure

In his January 2016  Cryptogram newsletter, Bruce Schneier reprinted an essay on “normalization of deviance”: the process of divergence from defined policies and procedures into increasingly risky practices. Explored in detail by Dr. Diane Vaughan, as well as by other researchers and practitioners seeking to explain catastrophic failure events, it bears great relevance on cyber…

How Hungry is your Organization?

As someone that tries to watch my diet, I know how hard it is to deal with your own appetite. Several things that are my weakness – fresh bread, cold beer, pizza, the list goes on – are definitely not the best elements for a balanced diet.  Most of the time I am able to deal…

Defend the Kingdom – My Final Thoughts

Episode #6 of Defend the Kingdom, “Ghost in the Machine”, brings to close the dramatic battle between good and evil in both Marty’s imagination and his daily work as a security “hunter”.   The episode reveals a highly skilled, persistent, maniacal adversary bent on the Kingdom’s ultimate destruction.  In Marty’s alter-universe, he sees this as an…

E6 – Ghost in the Machine – Curtain Call

The Hunter’s horse panted heavily and churned up dust as it raced down the dirt road towards the Frontier.  The moonlight glanced off the swirling clouds of powder in the horse’s wake.  The Hunter gritted his teeth as the horse careened around a corner. His mind raced.  He wondered if he would make it in…