SANS Security Trend Line

Twelve Word Tuesday: Evergreen Headline "New Technology X Impedes Security Process Y" Drives Need for New Security Process Z

Has old Security Process Y Ever Won? Maybe once (CALEA) - usually not.


Twelve Word Tuesday: Looking for Security Tea Leaves in New Microsoft CEO's "Bold Ambition & Our Core" Missive

Satya Nadella's letter to employees mentions cloud 7x more often than security.


Twelve Word Tuesday: It Hurts When They Do That, Get Them to Not Do That

Continuous vulnerability avoidance much more profitable than continuous monitoring/mitigation/incident response.


Twelve Word Tuesday: Verizon 2014 DBIR Critical Security Controls Incident Prevention Heat Map

Vertical: Hotels need basic hygiene. Horizontal: Patching and securing remote access dominate. (Figure 70 from 2014 Verizon Data Breach Investigation Report.)


A Conversation Around Supply Chain Integrity - Is There Any Real Way to Trust Products?

Bill Murray and I recently had a fun interchange on the topic of supply chain security and he's agreed to let me reproduce it here. The starting point was a comment I made in SANS Newsbites on this news item: China Vetting Networking Gear (May 22, 2014) After the US Justice Department indicted five …