Microsoft's Opportunity to Reinvigorate Security Leadership | September 2, 2021

 The White House-hosted cybersecurity summit on August 25, 2021 was an opportunity for representatives from the private and public sectors to discuss how they can collaborate to address pressing information and computer security issues.

4 Startups Driving Cybersecruity Innovation | June 23, 2021

 Constant innovation is a constant within cybersecurity. Information technology evolves and bad actors adjust with new attack vectors. Cybersecurity must innovate to keep pace with both IT and attackers by improving cybersecurity tools.

The Cybersecurity Hero's Journey is Ours | June 7, 2021

 One of the oldest clichés in security is "security is a journey, not a destination." It is clear that, when it comes to defending ourselves and the enterprise, we never reach the end.

Are Cybercriminals Evil or Greedy? | May 12, 2021

 Are cybercriminals by nature evil? Only the 1930s pulp magazine hero The Shadow really knows "what evil lurks in the hearts" of cybercriminals.

Cybersecurity Fosters Competitive Advantage | May 4, 2021

 Tens of billions of dollars each year are spent on cybersecurity, yet cybercriminals continue to succeed. There seems to be a never-ending stream of cybersecurity bad news.

Wordsmithing: Cybersecurity or Cyber Safety? | April 16, 2021

 Words have meaning. When I was writing policies, it was imperative that 'shall', 'will', 'may' and 'must' be used correctly. The significance of a statement is dependent upon the word selected.

Time to Retire a Cybersecurity Cliché | April 8, 2021

 I've had it. It is time to retire some of the old, worn-out cybersecurity clichés polluting the landscape. Clichés are painful to hear. At the top of the list is the 'defender's dilemma'.

Winning the Cybersecurity Contest | March 17, 2021

 Cybersecurity is a competitive endeavor. This contest is framed as 'us versus them,' attackers versus defenders, and good guys versus bad guys. Analogies to sporting contests are common, thus resulting in similar descriptive language.

Keep Your Eye on the Camera | March 8, 2021

 Organizations have finally realized that mobile devices are a productivity tool. It became abundantly clear with the sudden necessity of work from home (WFH) that employees work best when they can access a mobile smartphone.

Understand Your Staff: How Insiders Shape Defenses | February 26, 2021

 Enterprises and their staff dealt with a lot of change in 2020. The pandemic and resulting lockdowns forced organizations to allow staff to work from home.

Cyber Privateering Complicates Attack Attribution | February 18, 2021

 The injection of sophisticated malware into SolarWinds software was attributed to Russian Intelligence. An unrelated attack, made possible by exploiting a vulnerability in SolarWinds software, is being attributed to Chinese hackers.

Encryption Requirements Driven by Data State | September 22, 2020

 Have you ever had that feeling that something is amiss? While conducting research on when data encryption is required, I noticed something that seemed a little off.

A Natural Law for Digital Data | September 11, 2020

 Digital data provides the strength and vitality of the Information Age. Bits have as much, if not more, value than comparable assets in the physical world.

Cybercriminals Increasingly Exploiting Pandemic Trauma | August 31, 2020

 The ancient military strategist Sun-Tzu wrote that "in the midst of chaos, there is also opportunity." He was referring to the ability to point your opponent toward the direction of your choosing.

BootHole Shows Need for Greater Scrutiny | August 11, 2020

 The recent BootHole and related vulnerabilities raise the question of whether software used for critical security functions should have special scrutiny.

Cybersecurity Strategy, Risk Management and List Making | October 3, 2017

 Developing a cybersecurity framework can provide the structure for the creation of strategy, lays out a sequence of activities required to implement the plan, and provides means of measuring success.

In Search of Equilibrium: Compliance and Security | June 21, 2017

The conventional wisdom is that compliance and security are in opposition to one another. However, when you consider their commonalities, they should be complementary.

Social Engineering and the Stranded Sports Fan | July 25, 2016

 Arm yourself against fraudulent scams that pull at your heart strings. Some social engineering scams target the best in us while proving the worst.

The Next Big Thing: Who Drives the Security Agenda? | April 4, 2016

 Determining the most effective security measures for combating modern threats is a difficult task. The attacker normally have the initiative but the defender can take it back by developing a sense of collective defense. By sharing information and ensuring tools work together defenders to improve their response to threats.

The Smart Office Needs to Know Security | October 20, 2015

 It is imperative that IoT devices be smart on security, but also for the whole infrastructure be robust. There are certain ingredients for IoT security. Many are simple and standard security practices.

Security’s Imminent Game Changer: The Cloud Hits a Walk–Off | September 14, 2015

 The forward pass and lively baseball transformed the way their games were played. Any future game-changing security product will modify the security fortress mentality. To be successful in a cloud–centric domain, security must be able to mitigate risk while being able to handle the demands of the evolving IT environment driven by individual productivity.

Are These Airline Hacks Related? | August 6, 2015

 Multiple airlines had a number of service delays caused by IT problems. While we don’t know exactly what caused these incidents, we can assert that threat intelligence and information sharing can greatly improve awareness and aid in hardening defenses against emerging threats.

Endpoints: The Beginning of Your Defense | July 24, 2015

 Endpoints are where data is created, processed and stored. It is exactly where the attackers want to gain access. Strong endpoint security is a critical element of your defense, thus each endpoint must be securely managed.

Encryption – your first line of defense | April 24, 2014

 The protection and preservation of data should be the primary focus of IT security. It is well understood that a key method to protect digital data is encryption. Organizations need to establish and deploy a comprehensive corporate encryption strategy.

Securitiy as a Proactive Business Tool | November 15, 2013

 Security costs should be considered a positive for an enterprise. Security should enable an enterprise to run a function or service that wouldn’t be possible otherwise due to security concerns. Security can provide a business with competitive advantages.

Security Posture Drift: Thinking Old School | February 4, 2013

 Security can’t be set and forgotten because the conditions are in flux. Products are updated and threats evolve as attackers find new ways to exploit technology or to bypass existing security. However the “old school” concepts of security – confidentiality, integrity, and availability ╌ remain the bedrock upon which all security efforts should be based.