SANS Security Trend Line

Twelve Word Tuesday: It Hurts When They Do That, Get Them to Not Do That

Continuous vulnerability avoidance much more profitable than continuous monitoring/mitigation/incident response.


Twelve Word Tuesday: Verizon 2014 DBIR Critical Security Controls Incident Prevention Heat Map

Vertical: Hotels need basic hygiene. Horizontal: Patching and securing remote access dominate. (Figure 70 from 2014 Verizon Data Breach Investigation Report)


A Conversation Around Supply Chain Integrity - Is There Any Real Way to Trust Products?

Bill Murray and I recently had a fun interchange on the topic of supply chain security and he's agreed to let me reproduce it here. The starting point was a comment I made in SANS Newsbites on this news item: China Vetting Networking Gear (May 22, 2014) After the US Justice Department indicted five …


Twelve Word Tuesday: 25 Years After the End of the Last Cold War: Lessons Learned for a Cyber Version

Mutually Assured Destruction proved best defense tipped the balance - least vulnerable wins.


Twelve Word Tuesday: Are You Prepared If eBay's CEO Does the CSPAN Walk of Shame?

To tell your CEO: won't happen to you because.../if we do...?