The Hidden Risk in Identity Lifecycle Gaps

There is a moment in almost every security program where someone confidently says, “We have a solid joiner, mover, leaver process.” It usually comes up in audits, board discussions, or when someone is explaining how identity is clearly under control. On paper, it looks great. New employees get access based on role. Transfers trigger updates. […]

Why Traditional Access Reviews Fail

There is a moment (or every quarter) in almost every organization where access reviews are sent out, inboxes fill up, and managers everywhere collectively sigh. We’ve all seen the email: “Please review and certify user access for your team.” I’ve run the program…and I still sighed when I got it. On paper it sounds simple, […]

Incident Response Without Situational Awareness Is Theater

I recently had a discussion with a few colleagues about incident response. It started the way these conversations often do, with someone asking what “good” incident response really looks like and some of the incidents that I’ve worked on. That question sounds simple, but it is not. Before long, we were debating playbooks, tabletop exercises, […]

Standing in the Background of the Incident

I just got back from a trip to Disney World where my daughter was competing in cheer, and somewhere between the crowds, the rides, and the constant hum of people moving with purpose, I realized something odd. I was in the background of a lot of other people’s vacation photos. Not intentionally. It’s not in […]