Security Risk Management—Where to Start?

Security Risk Management (SRM) is an exercise in evaluating past failures and contemplating unknown future failures of systems, people, processes, and external events. The SRM exercise is to analyze all of this with the aim to: 1) advance and enforce cyber best practices, and 2) develop mitigation strategies to prevent or avoid the risks of failure. SRM has bitten off a big mis [...]

Exploitabilities: Where threats and vulnerabilities intersect

Like many of you, I’ve just gotten back from Black Hat USA 2017. Black Hat was the best conference I’ve ever attended—the energy, the level of interest was unlike anything I’ve ever experienced. I spent three solid days talking with security staff of all levels, and they are wrestling with two distinct buckets of problems: Vulnerabilities: This includes thousands of [...]

Everybody has a plan until they get punched in the mouth … unfortunately, it’s CISOs who are taking the hits

Mike Tyson once famously said, “Everybody has a plan until they get punched in the mouth.” Recent headlines shine a spotlight on an important issue facing the cybersecurity market today: proving cyber defense performance is difficult. It is what has gotten Tanium in trouble for allegedly using a live customer environment to demo. It is also what has gotten Cylance in tro [...]

Nehemiah Security—Let’s Go!

I see a set of trends in the world that seem to be colliding. First, the world is becoming digital. By the end of 2017, IDC projects that over two-thirds of CEOs of Global 2000 companies will have Digital Transformation at the center of their strategy. It has already happened in industries like healthcare and finance. The second trend is what I call Cyber Escalation. Cybercrimi [...]

Heavyweight Bout of the Decade: AI vs. Cyberattackers

This is the battle that the entire industry has been waiting for – Artificial Intelligence pitted against the Cyberattacker. Soon we will see these two heavyweights square up in what promises to be a thrilling contest of man versus machine. In one corner is the Cyberattacker. Some prefer to imagine this bad actor as a solo, hoodied programmer with an axe to grind against b [...]

2 winners and 3 losers of the DNC Email Hack

Few things are more revered than elections in the United States. As Americans, we get exasperated at times by the ‘making of the sausage’. But when the votes are cast we take great pride in our democracy. Although the election for President is still three months away, perhaps the biggest event of the season occurred last week. The election got hacked. More accurately, the e [...]
