What Zero Trust Actually Requires That Nobody Wants to Talk About

Am I the only one who has experienced this? Usually after a board meeting or a vendor briefing, someone announces that the company is going to implement zero trust. The room nods, a working group gets formed, a budget line appears and within a few weeks the initiative is underway… with everyone quietly assuming that what […]

Why Detection Without Understanding Is Just Noise

Most security operations environments that I have had the luck of seeing look impressive. They have dashboards everywhere, there are alerts firing and their SIEM is lit up like it’s doing something meaningful. To anyone on the outside, it reads as a mature, well-instrumented program. From the inside… if you’re really honest about it, it is a […]

Ownership Was Assigned… Accountability Is Another Story

There is a conversation that happens in almost every organization I have ever encountered, usually in a conference room, usually after something has gone sideways, backward and upside down. Someone of extreme importance asks who owns a particular system, process, or risk. There is almost always a pause… that lasts just long enough to become […]

Your Security Program Looks Great… For the Audit
I feel like we all have that moment in our security program’s maturation when things start to feel… comfortable. The dashboards look clean, the controls are documented, the audit findings are minimal and, most importantly (in some people’s opinions), the reports are polished. Everything appears to be working as intended. That is exactly the […]

The Security Implications of Over-Automation

Not long ago I was in a conversation with a few other security leaders about automation. It started the way these conversations often do: someone mentioned how much faster their team was able to respond to alerts since implementing automated workflows. Another person talked about automatically isolating compromised endpoints upon alerts, and someone else described […]

Why Traditional Access Reviews Fail

There is a moment (every quarter, in fact) in almost every organization where access reviews are sent out, inboxes fill up, and managers everywhere collectively sigh. We’ve all seen the email: “Please review and certify user access for your team.” I’ve run the program… and I still sighed when I got it. On paper it sounds simple, […]

Incident Response Without Situational Awareness Is Theater

I recently had a discussion with a few colleagues about incident response. It started the way these conversations often do, with someone asking what “good” incident response really looks like and about some of the incidents that I’ve worked on. That question sounds simple, but it is not. Before long, we were debating playbooks, tabletop exercises, […]

Learning that mistakes might be the best career move you never planned (I hope)

I announced two weeks ago that I’m in the job market after a short tenure at a company. I learned that there is a sentence that feels heavier than it should: “I’m back on the job market.” It lands with a thud, even when no one else reacts. It immediately invites a flood of questions. […]

Shadow Access: The Security Risk You Don’t See Until It’s Sitting in the Boardroom With You

After 20-plus years in technology and security, I’ve learned something important… well, I’ve learned a lot of important things, but this is the one I’m writing about. The biggest risks we have that we aren’t aware of rarely come crashing through the front door; they slip in quietly because they already have access and no one […]

Common Mistakes New InfoSec Leaders Make (and How to Dodge Them Like a Pro)

I had lunch last week with a friend who just landed their first-ever leadership role in InfoSec. They’d been promoted from lead security engineer to head of security at a company that’s never had a separate, formal InfoSec leader before. The company had grown, and security had […]