SANS Security Trend Line

Twelve Word Tuesday: No Need to Expand the Periodic Table of the Elements to Bake a Tastier Pie

Retail cyber-security advancement requires vast improvements in PCI governance, not DSS bloat.


Ramblings On Risk - Part II

In Part I, I explained why I have always trashed the traditional risk equation of the form Risk = Probability of event * Cost/impact of event. I've pushed an alternative, simplified form of Risk = (Threat * Vulnerability) + Action. Here's where that comes from: I've always been a fan of the Common Vulnerability Scoring …


Twelve Word Tuesday: Pete Seeger Had It Nailed About Security

Any darn fool can make something complex; genius is making something simple. (Pete Seeger died yesterday. His full quote was a bit more verbose: "Any darn fool can make something complex; it takes a genius to make something simple.")


Ramblings on Risk Part I

I recently gave a webinar talk on Security Analytics that included a simplified risk equation I've been showing for years: Risk = (Threat * Vulnerability) + Action. I'll explain that more in a bit. After the webinar I got some Twitter feedback that it was better to stick with the more historical risk equation: Risk …


Twelve Word Tuesday: Look for the Fair Trade Label on Your Next Cup of Software

Fair-trade coffee buying assures sustainable farming - where's fair-trade software for secure development?