One of the things that’s even harder to talk about with organizations than security architecture is security governance. And the reason I think this is true is that people have the wrong idea about what security is supposed to do in the organization. They think we’re the police, so naturally, the only thing we care […]
DevSecOps picnics in the park
As you might know, I really do waffle a bit between loving and hating DevSecOps as a concept. I think it’s great on the one hand because it’s shined a light on a lot of really bad software development practices people like John Viega, Gary McGraw and my friend Sverre Huseby have been talking about […]
A Sunday Rumi-nation on shorter walks
This morning, I ran across the following quote when I was looking for the longer body of a different Rumi quote I saw in my LinkedIn feed from a friend:

“Whoever travels without a guide needs two hundred years for a two-day journey.” — Rumi

I know that in my own experience, both personally and […]
Looks like I have to write a book!
It’s alive! If you are one of the forward-thinking people who took us over our target of 10 pre-orders for The Definitive Guide to The Agile Security System™, then I thank you for your help and support for validating that there was indeed interest in putting this together. So the good news for you is […]
Is your security architecture as useless as tits on a boar hog?
One of the other big problems I see when I’m working with clients and customers is a lack of discipline with how they structure their risk assessments. They’re all over the place, and they smack of all the problems we talk about during the SABSA Foundation course:
- They’re highly subjective
- They vary greatly in structure […]