Saturday, December 21, 2019

Changing Blog Platforms

I'm changing my blog platform over the course of the Xmas holiday.

New blog platform:

You can read updates dated after 12/22/2019 over there.


Friday, December 20, 2019

Rediscover The Security In Cyber Security

Despite sharing a cyber security focus, different organizations value different outcomes in the security space. 

So, why do we seem to have lost our way?

Thursday, December 19, 2019

An Abdication Of Cyber Leadership To Consultants

Cyber leaders seem to proudly point to bringing in outside consultants to convince executives to take action on items that have lingered for years. Social media is full of threads of such proud proclamations by both cyber leaders and consultants.

Wait.  What?!? 
Critical items that have lingered for years?  An outsider with more trust?  Something else seems broken there. 

Wednesday, December 18, 2019

Learning From Your Own Malware

The best threat intelligence comes from your organization’s own endpoints. One aspect of this is treating every instance of unwanted software, such as malware or adware, that lands and installs on a machine as an indicator of a gap in controls coverage.

A control that is present but somehow misconfigured.
A control that is missing or has been disabled.
An error by a user. 

So, when you encounter evidence of malware, a key follow-up item is to determine just how the malware got there.

Tuesday, December 17, 2019

Cyber Leaders And the Adult Table

Moved to

Monday, December 16, 2019

Mentoring Around The Time-Value of Cyber Delivery

A good cyber leader wants to meet the expectations of their executive team, but a great cyber leader wants to consistently exceed them. The smart cyber leader has a chance to do this consistently within the context of delivery.

So how do we mentor cyber leaders to consistently exceed expectations?  

Sunday, December 15, 2019

Cyber Leaders And Story Telling

Good storytelling is an undervalued skill for cyber security leaders. It’s a skill that helps executives gain a deeper understanding of an organization’s cyber program and gaps. This includes the current state of the program and properly set expectations about the resources needed to keep, or change, the current state.

All wrapped up in an easily digestible, non-technical story.