I know it probably shouldn’t, but it still blows me away how many people don’t really get the difference between engineering and architecture—especially in security. A good while ago now, I happened on an infosec conversation in the twitterverse talking about the composition of the ideal security team. And, of course, there were SOC people, […]
The myth of the isolated project
I was recently reminded of a pretty pervasive problem that often sneaks in to our worlds as security. That problem is the myth of the isolated project. It often starts simply enough (and if you have kids, you should recognize these warning signs): “It’s just this one time. I won’t ask you to do this […]
The boneyard of failed architecture initiatives
One thing that often happens when people finally discover that security architecture is a whole more than the way their security infrastructure is connected is that they’re all “hot to trot” and want to stand up an enterprise security architecture program from scratch. This is excellent, and one should never underestimate the power of enthusiasm. […]
To re-architect or not to re-architect your security controls
It seems the above is very much “the question” on the minds of security teams looking to take the CI/CD plunge (or who’ve already jumped in, and are splashing with the sharks without their chain-mail wetsuits). But what does it mean? This “re-architecting” of which you speak? And, just when that young lad in the […]
Afraid up-skilling your security team will train them for their next job?
There’s a negative, cynical and sometimes, unfortunately true idea out there that if you pay for skills development with your security team, you’re throwing money away because people are milking you to help them get their next job. There’s a couple of things to say about this. First, yep. It’s true. And it’s not […]
- 1
- 2
- 3
- …
- 56
- Next Page »