Solorigate, the ‘Pyramid of Pain’, and the Future of Mitigation: A Rapid AssessmentThe most painful aspects to change within the attacker’s stack are those things the attacker cannot control.Dec 22, 2020126Dec 22, 2020126
A Short Guide to Hackathon SuccessTime appreciation, asking the right questions, undigitize, scoping… a partial recipe for successApr 2, 2019136Apr 2, 2019136
Lessons from the Equifax Data Breach ReportThis month’s House Oversight & Government Committee report about the Equifax data breach is worthwhile reading for cybersecurity…Dec 18, 20181872Dec 18, 20181872
Continuous Improvement to Enterprise Risk Management: The Risk RegisterI recently delivered a presentation to members of ISACA’s Toronto Chapter. I’ve taken the research and feedback from the talk to draft an…Apr 16, 201894Apr 16, 201894
Enterprise Remediation Continuous Improvement: The Risk RegistryA recent GAO report examines the maturity of 24 US Government departments’ security regimes. While subject to different standards and…Oct 5, 2017109Oct 5, 2017109
Evolutions in Authentication, Authorization, and Accountability: Exploring Zero Trust and…Who are you, and what do you want?Jun 5, 201773Jun 5, 201773
FedRAMP and YouThe Federal Risk and Authorization Management Program (FedRAMP) is a compliance regime to which cloud vendors (i.e. Cloud Service…May 29, 201766May 29, 201766
Effectively Combatting Bots in 20172017 marks the 10-year anniversary of Cisco’s declaration that “botnets are the primary security threat on the Internet today.” At the…Jan 17, 2017Jan 17, 2017
A View of Cyber Threat IntelligenceThe business case for establishing a Cyber threat intelligence (CTI) capability is getting stronger in some sectors and verticals, and is…May 9, 20161May 9, 20161
