CyberTangent – 10 Questions on Cyber Risk with Jerry Caponera

In this CyberTangent episode, we are joined by a very special guest, Jerry Caponera, VP of Cyber Risk Strategy at Nehemiah Security. Our podcast host is Landon Johnson. Today's topic is 10 Questions on Cyber Risk. Let's jump in!

Cyber Risk: don’t wait to get fit before you work out

An Austrian trainer offered me great advice a while back. A client he was training complained about not being “good” at pull-ups. In his thick Austrian accent (think Arnold Schwarzenegger), his guidance was “get lighter, get stronger.” Makes sense. Later, I heard the same trainer, with his same economy of words, describe why so many people hold a gym membership and never u [...]

It’s Q3: Time to build your cyber budget for 2019!

Fast forward to 2019. Actually, scratch that, 2019 is already here. ESPECIALLY if you are budgeting. In that case, you are already under the 2019 gun. If you are involved in cyber budgeting, one of the challenges you will face is deciding how to prioritize the cybersecurity budget and communicate those priorities to the C-suite. In this blog, we discuss a new way of thinking [...]

You must relate requests to concrete cyber risk problems you will solve

Nehemiah Security partnered with MightyGuides to interview seven industry experts with the mission of advancing the risk management conversation among cyber professionals. Each interviewee was posed the question, “If your friend was put in charge of measuring cyber risk at their company, what advice would you give them?” Richard Rushing, CISO at Motorola Mobility, stat [...]

A Simple Strategy for Managing Cyber Risk – Pulling the Goalie

Do sports metaphors work for cybersecurity practices? Consider whether we can steal a best practice from hockey… As a lifelong and avid Washington Capitals fan, I took great delight watching the final game of the Stanley Cup playoffs. The Caps' opponent, the Vegas Golden Knights, were down 3-2 with two minutes left. Desperate to tie the score, the Knights employed a common [...]

We Need to Understand Cyber Risk and Make it Tangible

Nehemiah Security partnered with MightyGuides to interview seven industry experts with the mission of advancing the risk management conversation among cyber professionals. Each interviewee was posed the question, “If your friend was put in charge of measuring cyber risk at their company, what advice would you give them?” Heath Taylor, Director of Information Security C [...]

2018 Cyber Risk Analytics Market Survey

As researchers, we devote our waking hours (and sometimes sleeping) to "finding the answer." The irony is, we constantly walk around with a ton of questions! These days at Nehemiah Security, many of our questions surround things like “What are companies doing to measure cyber risk?” This is where you come in. Introducing the 2018 Cyber Risk Analytics Market Survey. We [...]

DCRO Cyber Risk Governance—3 Things They Got Right, 2 Things Likely to Change Over Time

The DCRO (Directors and Chief Risk Officers group) recently published their Guiding Principles for Cyber Risk Governance. Their goal is to help assess the practices boards and C-level leaders use to manage cybersecurity. The article in PRWeb represents a valiant and important start to advance the commentary about this critical topic, one that is near and dear to our hearts. W [...]

Cybersecurity Risk vs. Technology Risk

Technology risk is straightforward and well understood. Cyber risk is elusive, confounding, and NOT well understood. I could end my blog here, but I’ll add a bit more context. Technology risks tend to be easy to get our minds around. These are relatively easy to identify and are typically immediately apparent when the risk is manifested as realities such as: power fluctua [...]

Guest Post: Solving the Security Risk Puzzle, State of the Union

This blog is the second in a three-part series discussing how to solve the security risk puzzle. Previously, we took a brief look at the history of the security risk gap… or as Gartner dubbed it, “above the line” and “below the line.” Historically, the industry has focused on reactive aspects, namely Security Incident and Event Management (SIEM), Security Incident Resp [...]
