• 19 Mar 2019

    Good, old-fashioned, boring passwords – the key to good security

    Many people are quick to proclaim that passwords are dead...that SSO, MFA, and related technologies are THE solution. Not so fast. Passwords, as we've known them for decades, are not going away anytime soon. Sure, I'll embrace the technologies that help take the pain out of passwords and password management. Hopefully we will be password-free in the next few decades. Still, pragmatism will win out over presumed quick fixes every ...

  • 16 Nov 2018

    Fortinet study on CISOs and the security skills gap

    We hear a lot about the information security skills gap, but what does that really mean? Actually, it means a lot of different things to different people. Check out this Ziff Davis webinar on which I recently served as a panelist. We had a great discussion and the study commissioned by Fortinet is very telling about what employers are looking for and what jobseekers believe that they bring to the ...

  • 17 Sep 2018

    Crashing race cars and preparing for incidents that have never happened

    Just over 17 years ago, on 9/11, we witnessed what it was like dealing with something that had never occurred. I remember thinking at the time and it still rings true – it's hard to protect against something that's never happened. Little to no clues, as far as we know...massive destruction on a scale we never expected. That's the tricky thing about terrorist threats and, on a much smaller scale, ...

  • 12 Sep 2018

    Using Securolytics for enhanced IoT security

    I often say that you can't secure the things that you don't acknowledge...I can't imagine that reality applying to anything in IT or security as much as it applies to securing Internet of Things (IoT) devices that are on your network, creating risks...this very moment. The trouble with IoT devices is that they can be not only hard to discover and manage but they're also extremely difficult to identify. Oftentimes, in ...

  • 22 Aug 2018

    A great reminder about relationships in information security

    I've always believed that poor communication can make or break an information security program. So many times, I witness IT and security professionals failing to get their messages across to their audience and, worst of all, talking down to the very people whom they should be lifting up. I've written about it many times over the years: https://searchenterprisedesktop.techtarget.com/tip/Ten-ways-to-sell-security-to-management https://searchwindowsserver.techtarget.com/tip/Working-in-IT-Simple-steps-to-get-users-on-your-side https://it.toolbox.com/blogs/itmanagement/the-one-skill-worth-mastering-in-it-052814 George Bernard Shaw said something that applies nicely: “The problem ...

  • 13 Aug 2018

    CNN news story on Omarosa getting fired from the White House that quotes me on the reality of security culture

    Security culture is everything. If you work in security, you probably already know that...For business executives, though...well, that mindset is largely absent. In fact, as this new CNN piece I'm quoted in about Omarosa secretly recording her firing in the most "secure" room of the White House highlights, talk is cheap. IT and corporate security professionals can evangelize the importance of security - especially security culture - all day long, ...

  • 24 Jul 2018

    Check out my webinar on the big risks involving unstructured information – 2pm ET today (reading assignment links)

    Join me today at 2pm ET for my Ziff Davis webinar Addressing the Security Risks Around Unstructured Information sponsored by Citrix ShareFile. Unprotected files scattered about the network environment are one of the biggest vulnerabilities I see...and they continue to create tangible business risks for every organization. I'll talk about the risk, share some examples of what I'm seeing in my work performing security assessments, and provide some ideas on ...

  • 17 Jul 2018

    Join me at 2pm ET today for a discussion on data breaches + reading assignment links

    The data breach numbers we see in the studies and headlines every year (day!?) are pretty amazing...It's clear that we have not just an IT challenge on our hands but a true business problem... What's behind all of the incidents and breaches? Why does it seem to be getting worse? Is there anything that can be done about it? Well, that and more is what I'll be discussing in my ...

  • 13 Jul 2018

    Introducing my brand new vulnerability and penetration testing book: Hacking For Dummies, 6th edition

    Want to learn the essentials of vulnerability and penetration testing? Looking for insight into which testing tools you need to use to get the job done right? Maybe you need help in determining the difference between the vital few security vulnerabilities and the trivial many that sidetrack so many people? Perhaps you need help selling information security to management and keeping them on board with what you're doing? Well, if ...
