Why Detection Without Understanding Is Just Noise

Most security operations environments that I have had the luck of seeing look impressive. They have dashboards everywhere, there are alerts firing and their SIEM is lit up like it’s doing something meaningful. From anyone on the outside, it reads as a mature, well-instrumented program. From the inside…if you’re really honest about it, is a […]

Ownership was Assigned….accountability is another story

There is a conversation that happens in almost every organization I have ever encountered, usually in a conference room, usually after something has gone sideways, backward and upside down. Someone of extreme importance asks who owns a particular system, process, or risk. There is almost always a pause… that lasts just long enough to become […]

Your Security Program Looks Great… For the Audit

I feel like we all have that moment in our security program’s maturation when things start to feel… comfortable. The dashboards look clean, the controls are documented, the audit findings are minimal and most importantly (in some people’s opinions) the reports are polished. Everything appears to be working as intended. That is exactly the […]

Not Every Manager Is a Leader (And That’s the Problem)

I had the opportunity to have a run-in with an old colleague (he’s not old, we just haven’t seen each other in a while) and we got to talking about everything that has been going on in our lives since we’ve parted and talk eventually made its way into the problems with not being […]

The Security Implications of Over-Automation

Not long ago I was in a conversation with a few other security leaders about automation. It started the way these conversations often do: someone mentioned how much faster their team was able to respond to alerts since implementing automated workflows. Another person talked about automatically isolating compromised endpoints upon alerts and someone else described […]

The Hidden Risk in Identity Lifecycle Gaps

There is a moment in almost every security program where someone confidently says, “We have a solid joiner, mover, leaver process.” It usually comes up in audits, board discussions, or when someone is explaining how identity is clearly under control. On paper, it looks great. New employees get access based on role. Transfers trigger updates. […]

Why Traditional Access Reviews Fail

There is a moment (or every quarter) in almost every organization where access reviews are sent out, inboxes fill up, and managers everywhere collectively sigh. We’ve all seen the email: “Please review and certify user access for your team.” I’ve run the program…and I still sighed when I got it. On paper it sounds simple, […]

Incident Response Without Situational Awareness Is Theater

I recently had a discussion with a few colleagues about incident response. It started the way these conversations often do, with someone asking what “good” incident response really looks like and some of the incidents that I’ve worked on. That question sounds simple, but it is not. Before long, we were debating playbooks, tabletop exercises, […]

Standing in the Background of the Incident

I just got back from a trip to Disney World where my daughter was competing in cheer, and somewhere between the crowds, the rides, and the constant hum of people moving with purpose, I realized something odd. I was in the background of a lot of other people’s vacation photos. Not intentionally. It’s not in […]

Learning that mistakes might be the best career move you never planned (I hope)

I announced two weeks ago that I am in the job market after a short tenure at a company. I learned that there is a sentence that feels heavier than it should. “I’m back on the job market.” It lands with a thud, even when no one else reacts. It immediately invites a flood of questions. […]