One of the subtler challenges of security is actually knowing the scope of your job. And it’s made trickier by this “cyber” hype disease we’ve collectively caught as an industry over the last few years. I think it’s actually sort of a function of the crisis of definition over the roles in a security program […]
Quadrilhas, unicorns and the big lie about cybersecurity talent
Today’s another holiday here in the Northeast of Brazil. I mentioned how the whole month of June is kinda one big holiday anyway, but today is one of the specific days honoring a specific saint. In the past, the farmers gave thanks to São Pedro (St. Peter) for the rain. Today, St. Peter is doing […]
Why Your Cybersecurity RCA Isn’t Working
Recently, I was having a discussion with a customer we’re working with to restructure their IT Security department and adopt SABSA end to end. Doing this will more effectively manage their cybersecurity risks and keep them directly focused on supporting business execution, not just doing security for security’s sake. The Problem: One of the problems they […]
Security — What does that mean?
Security isn’t really a thing—it’s more a feeling you get when you believe things are the way you expect them to be. You expect things you care about to be “ok”, but most of the time, we really don’t think about what that means either. Maybe it means that something is “safe”, e.g. free from […]
Cybersecurity for Boards: What You Need to Know Now
$22 billion in losses by businesses per year. $11 million in fraudulent charges. 50 enforcement actions by the US FTC in the last 10 years. 1.2 billion usernames and passwords and 500 million email addresses from 420,000 websites. 63,437 security incidents in 95 countries. 79 seconds between thefts of personal data. $3.5 million is the […]