security

Defining Business-Driven Security™ for the Modern Enterprise

As I travel around the world and meet with CISOs and security teams, I continue to be amazed at the organizational disconnects around managing cyber risk. Security Operations and Identity & Access Management teams operate their own business processes with very few connection points. Security and Risk & Compliance teams have different world views of…

Disruptive Innovation

Innovation is a continual process, building upon the past to improve the future. Often this means small, incremental steps that chip away at a larger problem. Sometimes, by accident or design, those changes aren’t so small. These massive changes are a disruptive innovation that can redefine what is possible. It used to be that the winner…

How Security Poor Are We?

We at RSA recently released the results of our NIST CSF-inspired Cybersecurity Poverty Index. In some ways the results weren’t surprising and in other ways they were. What wasn’t surprising, although certainly depressing, was the overall result that nearly 75% of survey respondents reported that their organizations lacked the level of maturity (using the…

Teaching Analysts to Fish; How to Become Better at Detection and Response – RSAC 2015

Daily the media replays stories of yet another company that is the victim of an intrusion or breach. With all this attention, and sometimes hyperbole, are we as practitioners improving at detecting malicious activity inside our networks? Regardless of the size of your company and its vertical or horizontal markets, your network may become the…

How do you define Security?

When I chose information security as my profession, it was a conscious decision. I felt compelled towards the technology and the fascinating challenge of securing a shifting, metamorphic ecosystem. When we think of the term “security,” in our technology context today, immediately we conjure up images of putting up walls, defenses and traps to keep…