During the research I did last year reaching out to SABSA practitioners, one of the things that kept coming up over and over again was that people were having a really hard time trying to get started with SABSA in their own environments. And this isn’t just with people who take the course and try […]
Tossing the DevSecOps zombies over the waterfall
I get what the whole DevSecOps movement is trying to accomplish. I really do. Because they’re right: The “traditional” approach to security is well and truly broken. We have proof of this every day from the trenches, let alone the headlines. And so, we need to “Shift left!” “Shift left…shift left…shift left…” It’s a mantra. […]
Are you drinking the “Zero Trust” Kool-Aid from a poisoned chalice?
I subscribe to a lot of lists. All kinds of lists, actually, but of course, I subscribe to a lot of the “security” lists out there to see what people are talking about and keep up to date with things—just like you do. However, I’m seeing an uptick in the “Zero Trust” phrase in the […]
Why Your Cybersecurity RCA Isn’t Working
Recently, I was having a discussion with a customer we’re working with to restructure their IT Security department and adopt SABSA end to end. Doing this will more effectively manage their cybersecurity risks and keep them directly focused on supporting business execution, not just doing security for security’s sake. The Problem One of the problems they […]
