There is a moment in almost every organization when someone says a phrase that sounds reassuring on the surface but I hope should make security leaders just a little uncomfortable: “Don’t worry, Mike knows how that works.” (no real Mike’s are used in today’s example). Mike I’m sure is a great guy, he’s been with […]
The Security Implications of Over-Automation
Not long ago I was in a conversation with a few other security leaders about automation. It started the way these conversations often do, someone mentioned how much faster their team was able to respond to alerts since implementing automated workflows. Another person talked about automatically isolating compromised endpoints upon alerts and someone else described […]
The Hidden Risk in Identity Lifecycle Gaps
There is a moment in almost every security program where someone confidently says, “We have a solid joiner, mover, leaver process.” It usually comes up in audits, board discussions, or when someone is explaining how identity is clearly under control. On paper, it looks great. New employees get access based on role. Transfers trigger updates. […]
Shadow Access: The Security Risk You Don’t See Until It’s Sitting in the Boardroom With You
After 20 plus years in technology and security, I’ve learned something important…well learned a lot of important things…but this is the one I’m writing about The biggest risks that we have that we aren’t aware of rarely come crashing through the front door, they slip in quietly because they already have access and no one […]
Protect the Executives
For years, I’ve advocated spending extra attention to accounts on a network that once compromised, can cause devastation to the environment. Depending on what industry your work in, these are Executives, VIPs, Politicians, or even the C-Suite, whatever you call them, these are accounts, you may not have considered dangerous, but they can be. The […]
Recent Comments