Most recent blogs, netcasts, papers, etc.


Your apps are never safe enough (June 23, 2014)

You can't rely only on your developers and software vendors to deliver secure applications.


Enable the business with strategy-focused security management (June 10, 2014)

To shift to a risk management posture, security managers and analysts who work closely with project management teams must possess a specific skill set.


Adventures in Security Episode 5 - How NOT to manage incident response (June 8, 2014)

Using the FBI, the risk associated with using Chinese hardware, and what Target did wrong


Respond to actual risk, not the threat alone (June 3, 2014)

The emergence of a new threat does not necessarily constitute an emergency for your organization. Respond to actual risk, not the threat alone.


Adventures in Security Netcast Episode 4: June 1, 2014

Eight security gaps most organizations admit to having and managing the likelihood of security incidents


Security Crossword 3 (May 31, 2014)

Theme: Security Current Events


Many organizations still don't get infosec basics (May 31, 2014)

Building a security framework often starts with low- or no-cost solutions that many organizations still ignore.


Don't Force Business to Bypass Security (May 28, 2014)

Sometimes, we as security pros are the problem when business managers introduce elevated costs and risks.


Incident Response: Save Root Analysis for AFTER process recovery (May 26, 2014)

Deep analysis of the who, what, and why of a security incident should never happen before process recovery.


Simple Root Cause Analysis (April 20, 2014)

Root cause analysis doesn't have to be complicated.