I have to admit I have a lot of respect for Teddy Roosevelt and many of the things he did and said. In fact, I have his “arena” quote printed out and stuck to the wall above my desk. One of his other famous quotes is this one: “In any moment of decision, the best […]
Head in the clouds…or somewhere else?
One thing that surprises me more than it probably should when I speak with people about their security programs is how much “The Cloud” freaks them out. And, after speaking with them for a while, it’s clear they should be worried. But their habitual response to that worry is…you guessed it: “We brought in vendor/solution/tool […]
Detail junkies
Today, I indulged myself a little and took a break with the family since I spent almost all weekend pounding out the August newsletter. Now that it’s basically in the bag, I wanted to talk about something that I’d been beating around the bush about before, but even I wasn’t really quite aware of until […]
Got Agile?
There’s a lot of talk about Agile these days. Everyone’s doing it—well, almost everyone. And those who aren’t are a particular shade of green with envy and full of laments, remorse and frustration as to why they can’t be agile too. But here’s the thing about “agile”…it’s the thing that applies to quite a lot […]
Tossing the DevSecOps zombies over the waterfall
I get what the whole DevSecOps movement is trying to accomplish. I really do. Because they’re right: The “traditional” approach to security is well and truly broken. We have proof of this every day from the trenches, let alone the headlines. And so, we need to “Shift left!” “Shift left…shift left…shift left…” It’s a mantra. […]
