• 24 Mar 2021

    If you mastered nothing else but this one thing, you’d be ahead of the security curve

    In my virtual CISO consulting engagements and vulnerability and penetration testing, the process of patch management ALWAYS comes up for discussion. Given the threats, the vulnerabilities, and the risks – everything that's at stake – I cannot think of any single aspect of a well-functioning information security program that's more important than patch management. It's one of a few things in security that you CAN control! The absolute last thing you ...

  • 10 Feb 2021

    Review of Corporate Directors’ & Officers’ Legal Duties for Information Security and Privacy: A Turn-Key Compliance Audit Process

    One of the great tragedies impacting businesses today is the disconnection between executive leadership and the information security function. The general assumption has long been that technical staff have everything under control and, therefore, management doesn't need to get all that involved in IT security and compliance related initiatives. I first noticed this situation in the late 1990s working on information security projects with clients. Shortly thereafter, I wrote ...

  • 04 Nov 2020

    Stanley Roberts – catching people misbehaving digitally too

    A few weeks ago, I promised my friend, Stanley Roberts (a well-known journalist who uses video to capture people doing dumb things) that I would post about a Facebook scam that he recently encountered. And then life got in the way...but here it is. Given the tie-in with what I do in my work, I thought it would be a good opportunity to share his example of how so many ...

  • 13 Aug 2020

    TikTok app privacy. Is it really a big deal?

    I was recently interviewed for a news segment about privacy concerns over TikTok...is it a problem? What makes it different from typical social media data collection? First off, I'm still trying to figure out more about the story behind TikTok bypassing Android's controls and accessing MAC addresses...and why Google didn't do anything about it and, really, why that exploit is available in the first place...That could be a big deal. ...

  • 03 Jul 2020

    The miracle of COVID-19 testing: more tests = more cases. (It works for security too!)

    I'm no jet fuel genius. Nor am I a statistician. I'm certainly no epidemiologist. I don't even consider myself to be one of the smartest people in my own field. But I do know enough to realize that when a problem exists (even if it's yet to be acknowledged), once it's sought after, it will be uncovered. And once it's uncovered, does this newfound knowledge actually change anything? Not necessarily. ...

  • 15 Apr 2020

    Security awareness/training and security policy tips for tough times

    It's a tired subject at this point. Still, I wanted to share some pieces that I've written on security awareness/training and security policies over the years that your business might benefit from to help get (keep) your arms around your remote workforce and overall information security program...no need to buy anything or hire anyone to help. The following are all you need to get rolling and/or fine-tune: Security Awareness ...

  • 20 Mar 2020

    Want to get better at (whatever)? Explain the concepts to others.

    I recently had the opportunity to write an article for Ross Bentley's Speed Secrets Weekly newsletter. It's one of the most popular newsletters in motorsports with a ton of visibility. Ross was kind enough to let me reshare my article here...I wanted to share it with you because it relates to IT and security just as much as it does to racing a car. Being a professional writer in information/computer ...

  • 18 Mar 2020

    Look for the lessons and be a leader among the COVID-19 panic

    “The hardest thing to explain is the glaringly evident which everybody had decided not to see.” – Ayn Rand

    Interesting how the world has changed in the past couple of weeks, huh? Here in the U.S., we went from a thriving economy and living in what might be described as the best time to be alive to what seems like an abrupt halt - doom and gloom - all within a couple of ...

  • 07 Mar 2020

    Speaking engagement for ALAS in Phoenix was a big success!

    I had the opportunity to be invited to speak at the Attorneys' Liability Assurance Society (ALAS) 2020 Cybersecurity Conference in Phoenix, AZ last week, and it was awesome. With a great group of 220 law firm IT leaders and general counsel professionals, I presented Beyond the Policies: Top 5 Security Findings (that I see in literally every security assessment I perform). I also served as a panelist for a lively ...

  • 26 Jan 2020

    Learning to be a better security speaker with Brian Tracy

    I recently had the most amazing opportunity to learn more about becoming a better speaker. I got to spend two full days sitting around a conference table and in the studio with the one and only Brian Tracy. I've been speaking professionally for the past decade and a half. As with many of the important things in my life such as information security consulting, car racing, and personal relationships, I've ...
