A couple of years ago, McLaren – of F1 and supercar fame – unveiled their fiercest road-going effort yet, the McLaren Senna, inspired by one of history’s greatest racers. It costs just over $1 million. And it goes really fast. In fact, it goes much, much faster than probably a few of the projects in your […]
Playing well with the good little ERM children
Two of the potentially challenging things about doing information and cyber security risk assessments are being able to easily leverage any existing risk assessments done by other areas of the organization and being able to integrate the risk assessments we do with the existing risk ratings already being compiled and aggregated by the ERM team—assuming […]
Coronanormal cloud architecture
Over the last several years, a lot of big brains have been working on the problem of what “secure cloud” should actually mean. And they’ve spent a lot of time producing a lot of documentation—and a lot of big, complex diagrams that attempt to address every possible aspect of the cloud and how to make […]
Why issues with “secrets management” in DevOps aren’t tool problems
Like you, I get a lot of “You MUST watch this webinar” types of emails, and one of the last ones I got that somewhat piqued my interest, given some things I’m helping a coaching and mentoring client with, was a new one about the ever-present pipe dream promise of “Shift left” with DevSecOps. Ostensibly, […]
DevSecOps picnics in the park
As you might know, I really do waffle a bit between loving and hating DevSecOps as a concept. I think it’s great on the one hand because it’s shined a light on a lot of really bad software development practices people like John Viega, Gary McGraw and my friend Sverre Huseby have been talking about […]