Over the weekend, I happened on a particular post in my Twitter feed that actually irritated me enough that I’m still thinking about it this morning as I write this email. The scene was somewhere in an urban, 3rd-world setting where a family with three small children was filmed lying in the street. The children […]
In retrospect…we could’ve spent more on cybersecurity
This evening, my wife and I finally got around to watching Laundromat. If you haven’t seen it, it’s really quite good—along with the similar series on Amazon Prime about the international financial system. And, it’s partially narrated by the most recent voice of both Zorro and Puss…in Boots, so really, what’s not to love? As […]
When to ignore Teddy Roosevelt
I have to admit I have a lot of respect for Teddy Roosevelt and many of the things he did and said. In fact, I have his “arena” quote printed out and stuck to the wall above my desk. One of his other famous quotes is this one: “In any moment of decision, the best […]
Ever wanted a SABSA vocabulary for the CIS20?
It seems like you can’t swing a cat without bumping into the CIS20 when you talk to people about their security programs. It’s one of the things that comes up far more often than ISO 27000, and even more often than the NIST CSF, but that seems to be changing a little. I have to […]
“Just winging it” is for birds, not your security program
How much of your security control environment has been driven by, basically, “it seemed like there was a gap” or, “it seemed like a good idea” instead of being traceably linked to real business requirements? Now, how many of those controls are the same ones that the user community complains the most about? Hmmm….any correlation? […]