The holy grail for cyber is to measure and communicate risk in financial terms and come up with a mitigation plan that works for security professionals, all while speaking to the CEO, CFO and the board. The good news is that the basic formula for figuring this out is simple:
Yet that formula does not [...]
You may have already heard about the term “Key Risk Indicators” (KRIs), and if not, it is pretty self-explanatory. The real issue is: Are you actually using them to power your business goals for the year? The three questions asked when first establishing KRIs are:
What do KRIs really mean from a security standpoint?
Why are KRIs important for my business?
What ar [...]
How valuable would it be to foresee the future? And would you want to change the future if you could? Those are two questions that came up at the 2017 Splunk conference I attended in Washington D.C. At one of the booths at the conference, I had the opportunity to vote for the best superhero power: the ability to be a Splunk Ninja or the ability to predict the future. When I ch [...]
Security Risk Management (SRM) is an exercise in evaluating past failures and contemplating unknown future failures of systems, people, processes, and external events. The SRM exercise is to analyze all of this with the aim to: 1) advance and enforce cyber best practices, and 2) develop mitigation strategies to prevent or avoid the risks of failure. SRM has bitten off a big mis [...]
Like many of you, I’ve just gotten back from Black Hat USA 2017. Black Hat was the best conference I’ve ever attended—the energy, the level of interest was unlike anything I’ve ever experienced. I spent three solid days talking with security staff of all levels, and they are wrestling with two distinct buckets of problems:
Vulnerabilities: This includes thousands of [...]
Mike Tyson once famously said, “Everybody has a plan until they get punched in the mouth.”
Recent headlines shine a spotlight on an important issue facing the cybersecurity market today: proving cyber defense performance is difficult. It is what has gotten Tanium in trouble for allegedly using a live customer environment to demo. It is also what has gotten Cylance in tro [...]
I see a set of trends in the world that seem to be colliding. First, the world is becoming digital. By the end of 2017, IDC projects that over two-thirds of CEOs of Global 2000 companies will have Digital Transformation at the center of their strategy. It has already happened in industries like healthcare and finance. The second trend is what I call Cyber Escalation. Cybercrimi [...]
This is the battle that the entire industry has been waiting for – Artificial Intelligence pitted against the Cyberattacker. Soon we will see these two heavyweights square up in what promises to be a thrilling contest of man versus machine.
In one corner is the Cyberattacker. Some prefer to imagine this bad actor as a solo, hoodied programmer with an axe to grind against b [...]
Few things are more revered than elections in the United States. As Americans, we get exasperated at times by the ‘making of the sausage’. But when the votes are cast we take great pride in our democracy. Although the election for President is still three months away, perhaps the biggest event of the season occurred last week. The election got hacked. More accurately, the e [...]