Channel: CSO Online Security Paradigms
Browsing all 90 articles

From Cool to Cash - An economic perspective on Cyber Crime

As the sophistication of cyber crime exploits has increased, the security industry has applied a technical and process mindset when dealing with them.  These efforts have been frustrated by the...




DefCon 17 - What You Are Missing Out On - Part 1

You might be a security professional who could not get time off for DefCon.  Perhaps you could not justify it to your manager (who is probably a DefCon veteran).  Or you just didn't know what it was...


BlackHat Interview - Risk Modeling and Application Security

This is the first part of my BlackHat interview with Barmak Meftah, Sr. VP, Products & Services at Fortify.  In this installment, Mr. Meftah shares his perspective on application security and the...


Building a Successful Anti-Malware Strategy

This is the first part of my Black Hat interview with Andrew D. Hayter, Anti-Malcode Program Manager for ICSA Labs.  In this installment, Mr. Hayter highlights the challenges businesses face in...


Taking Advantage of Security Spending Catalysts

This is the second part of my Black Hat interview with Barmak Meftah, Sr. VP, Products & Services at Fortify.  In this installment, Mr. Meftah discusses ways to evangelize security. How do we market...



Factors that Influence Firewall Efficacy

A variety of firewalls are available that examine different aspects of network traffic.  All firewalls compare this traffic against a set of rules that mediate the flow of packets.  As a business...


Product Review: eSafe - a Personal Encryption Application

Disclaimer:  The following review reflects my views and in no way constitutes an endorsement on behalf of CSO. Security begins with the individual. When most people hear of data breaches, large scale...


Security and the Tao of the Organization

The military is a great matter of the state. It is the ground of death and life, The Tao of survival or extinction. One cannot but examine it. - Sun Tzu
When Sun Tzu wrote The Art of War, he was concerned...



SecurityBINGE - InfoSec from the Hacker's Perspective

It was my first night at Black Hat.  My mind still raced with the excitement of being in Sin City (even if it was for a security conference).  I pondered the wonders and challenges that awaited me –...



Pt. 1 of an Interview with Edward Schwartz - The Truth about Regulatory...

This is the first part of my podcast interview with Edward Schwartz, CSO of NetWitness.  In this installment, Mr. Schwartz comments on regulatory compliance as a driver for security spending. Regulatory...


InfoSec Value Statement vs ROI

In my podcast interview, NetWitness CSO Edward Schwartz stated that “we don't have the kind of ROI stories in security that other industries have.”  As a veteran of several IT events, I've been...


Strategic guidance for applying PCI-DSS tactics.

Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. - Sun Tzu
With the new year upon us, I reflect on all the “fun” security professionals had...


Leveraging Compliance for Business Value

Regulatory Compliance – some see it as a necessary evil; a periodic checklist to be completed so business can continue.  Others embrace it as a security panacea that mitigates risks with minimal impact...



IT Talent Helping Haiti

As the Haitian people fight for subsistence, the world is responding with food and medical assistance.  This tragedy wreaked havoc on a victim unsung by the news media – the telecommunications...


Risk Mitigation through Collaborative Innovation

Did you innovate today? Let’s say that you did! Good job! Did you get the idea from a podcast or webinar? Maybe. Odds are that you got wind of an interesting idea when you sat with a different team...



I’m not OK – and Why You Should Care

The SOW just came through on a new client.  You do some research and find that they just cut their staff by 20% – and you are the lucky security professional that gets to do their PCI compliance...


The Anatomy of Leadership - A Sun Tzu perspective

What is Leadership?  Most of us will agree that it is a quality or set of behaviors that engenders sufficient trust and respect as to have others follow someone.  Can you point to the elements that...



Compliance Management Challenges - Incomplete Coverage

Regulatory requirements are part of the business landscape for most businesses.  Regulatory compliance was cited as a driver for security investments by 40% of the respondents summarized in the March...


DefCon 2010 - A preview of the Ninja Networks Badge

Badges.  DefCon is full of these; some outrageous in their design, some sublime in their simplicity and genius.  While the DefCon badge gains you entry into the conference itself, the other badges open...


Security Awareness Education Begins with the Youth

Cross promoted from the McAfee Security Connected blog.
DefCon found new life in 2011; a new venue, a non-electronic badge, expanded audience base, and hacker kids. As a three-year veteran of the...
