Yesterday, I let you in on one of the biggest secrets of security: that the primary role you have in delivering your mission and purpose of security is creating and maintaining the organizational security policies. Today, I’m going to let you in on the biggest secret of security: You have the power to control the […]
Eating your security requirements
Ok, I get it. The whole concept of Security Requirements Engineering might be just like that old Life cereal commercial I grew up with. You might remember, if you’re old like me, but there’s these two brothers, and they have a bowl of cereal. One says to the other, “What’s that?” The other looks at […]
Gimme 3 types…gimme 3 types, mister
Whether or not you’re cutting the rug with Linda Lou or shakin’ like a leaf on a tree, one thing you need to know about requirements if you’re going to have a hope of tryin’ to prove they’re the right ones you should be including into your security program is that there’s 3 types: The […]
Johnny and the Mothers are playin Stompin’ at the Savoy in Vermont tonight
One movie that’s stuck with me since I was a kid was Johnny Dangerously. It’s so silly it’s still funny—especially the “C’mon shelf paper!” car chase scene…but that’s fodder for another email. If you’ve seen the movie, you might remember that a critical point was when Vermin, the aptly named villain of the story, discovers […]
Why “don’t click links” is credibility-killing cybersecurity advice
A couple of days ago, Mike Johnson, who was the former CISO of Lyft, started a thread on LinkedIn about bad cybersecurity advice that must die. His contribution to the thread was the oft espoused “don’t click links” mantra of many in our industry—including some people who I respect. I have to agree with him. […]