One of the things that’s even harder to talk about with organizations than security architecture is security governance. And the reason I think this is true is that people have the wrong idea about what security is supposed to do in the organization. They think we’re the police, so naturally, the only thing we care […]
When to ignore Teddy Roosevelt
I have to admit I have a lot of respect for Teddy Roosevelt and many of the things he did and said. In fact, I have his “arena” quote printed out and stuck to the wall above my desk. One of his other famous quotes is this one: “In any moment of decision, the best […]
Are you drinking the “Zero Trust” Kool-Aid from a poisoned chalice?
I subscribe to a lot of lists. All kinds of lists, actually, but of course, I subscribe to a lot of the “security” lists out there to see what people are talking about and keep up to date with things—just like you do. However, I’m seeing an uptick in the “Zero Trust” phrase in the […]
The Ethan Hunt rule of risk assessments
You remember all those scenes from the movies: Ethan Hunt is sitting in First Class of a 747 and gets handed some kind of recording device with an intelligence briefing about his mission, should he choose to accept it. What happens next is always the same: “This message will self-destruct in 5 seconds.” And then in […]
When cybersecurity gobbles 11,933,175 hamburgers
Now that’s a lot of hamburgers… But at $4.19 for a Dave’s Hot ’n Juicy 1/4lb Single with Cheese, that’s exactly how many hamburgers disappear from Wendy’s top-line revenue thanks to a $50M settlement they agreed yesterday. Those 12 million burgers represent about 4% of the company’s 2018 revenue, and would roughly equate to the […]