How much of your security control environment has been driven by, basically, “it seemed like there was a gap” or, “it seemed like a good idea” instead of being traceably linked to real business requirements? Now, how many of those controls are the same ones that the user community complains the most about? Hmmm… any correlation? […]
Avoiding being n-trouble thanks to tomorrow’s security frameworks
Back in the day when I was a wet-behind-the-ears CS student with a 14.4K modem and a NeXTcube on my desk (yes, I was very lucky, and it was a helluva upgrade from my previous Zenith Z-183 laptop), I discovered the pbmplus library. I actually don’t remember why I needed it, but it was the […]
Are you the Evil Security Fairy?
Today, we have back-to-back school birthday parties for both of the youngsters. First it was for my daughter in the morning, and next, we’re going to one for our son. I guess some of the musical genes did pass through after all, because both of them love to sing when they’re in the car…and sometimes, […]
The 2-Hour ESA: fact or fiction?
How long would it take you to create an actionable enterprise security architecture from scratch for a project charter for an organization you’ve never seen and have no real industry knowledge about? One of the detailed examples I mentioned before that’s included in the book I’m letting you decide whether I should write is the […]
Effective action without the hits and misses of the 10,000 hour myth
Do you really want to become a world-class security leader or security architect, or do you want to set a different target? Because remember… “great” is often the enemy of “good enough.” We’ve all heard the magic 10,000 hour figure before. Malcolm Gladwell popularized it in the book Outliers, and then you hear it in songs, […]