Shadow Access: The Security Risk You Don’t See Until It’s Sitting in the Boardroom With You

After 20-plus years in technology and security, I’ve learned something important…well, learned a lot of important things…but this is the one I’m writing about: the biggest risks that we have that we aren’t aware of rarely come crashing through the front door; they slip in quietly because they already have access and no one […]

Common Mistakes New InfoSec Leaders Make (and How to Dodge Them Like a Pro)

I had lunch last week with a friend who just landed their first-ever leadership role in InfoSec and not just any role, a leadership role. They’d been promoted from lead security engineer to head of security, at a company that’s never had a separate formal InfoSec leader before. The company had grown, and security had […]

Securing Beyond the Standard: Building a Culture of Lasting Security

AI Generated

Mastering the Art of Communicating Your Security Success

There is great value in the work that security professionals do every day, but communicating that success is key to helping build knowledge about what and how your program is doing. However, demonstrating the effectiveness of your cyber security measures to stakeholders—be they executives, employees, or clients—can be challenging. Here are some thoughts on effectively […]

Helping Your Users Stay Safe Online Helps to Keep the Office From Catching Fire (You Know…Metaphorically Speaking)

I have rarely seen any Cyber Security Awareness Training at any company explaining how I can take care of my assets, how I can avoid falling for scams, or other things to help my browsing online. Now for me, that’s not a problem. I’ve been in IT and Information Security my whole life, and I’m cautious when I’m online at home or work, but I want to talk about why I would like that to change: why training employees to be more suspicious online can and will help them to be better at work.

Back to work: Security Thoughts to Have

In fact, with so many people returning to the office and potentially accessing sensitive information on your organization’s network, it’s more important than ever to ensure that proper security measures are in place. Either fully remote or fully in-the-office work can be thought of as a “fortress” approach to security, with the primary point of access being through the employee’s personal or organizational computer.

Rise of the BISO and what it says about IT Security

I have to admit, until very recently, I had never heard of a BISO (Business Information Security Officer), and the first time I came across this title, I was a little confused. At first I thought that it had something to do with physical security or maybe keeping businesses financially secure…and I was wrong. If […]

Leaders Fix Processes They Don’t Blame Employees

I’ve talked several times about learning the lessons from every leader that I’ve ever had, good or bad. I was recently talking with a mentee, and they had an issue at their work and their boss berated the entire staff for making a mistake that brought a system down. From the description of the incident, […]

Mentor your staff

I think an often overlooked part of leadership for many people on every level is mentorship. In my career, I’ve had no mentors, indirect mentors, and only one real mentor. Yet from every boss that I have ever had, I have learned something, sometimes positively, other times not so much. Yet, I do […]

Multi Factor Authentication Considerations

It is still somewhat shocking to me that most businesses still aren’t taking Multi Factor Authentication seriously, and don’t mandate it for employees and, like I mentioned the other day, for executives. Yet, I see articles like this one from Yubico that shows that people are making the effort in increasing spending by 75%. […]