Solorigate, the ‘Pyramid of Pain’, and the Future of Mitigation: A Rapid Assessment
The most painful aspects to change within the attacker’s stack are those things the attacker cannot control.
Dec 22, 2020

A Short Guide to Hackathon Success
Time appreciation, asking the right questions, undigitize, scoping… a partial recipe for success
Apr 2, 2019

Lessons from the Equifax Data Breach Report
This month’s House Oversight & Government Committee report about the Equifax data breach is worthwhile reading for cybersecurity…
Dec 18, 2018

Continuous Improvement to Enterprise Risk Management: The Risk Register
I recently delivered a presentation to members of ISACA’s Toronto Chapter. I’ve taken the research and feedback from the talk to draft an…
Apr 16, 2018

Enterprise Remediation Continuous Improvement: The Risk Registry
A recent GAO report examines the maturity of 24 US Government departments’ security regimes. While subject to different standards and…
Oct 5, 2017

Evolutions in Authentication, Authorization, and Accountability: Exploring Zero Trust and…
Who are you, and what do you want?
Jun 5, 2017

FedRAMP and You
The Federal Risk and Authorization Management Program (FedRAMP) is a compliance regime to which cloud vendors (i.e. Cloud Service…
May 29, 2017

Effectively Combatting Bots in 2017
2017 marks the 10-year anniversary of Cisco’s declaration that “botnets are the primary security threat on the Internet today.” At the…
Jan 17, 2017

A View of Cyber Threat Intelligence
The business case for establishing a Cyber threat intelligence (CTI) capability is getting stronger in some sectors and verticals, and is…
May 9, 2016