Category Archives: InfoSec

How To Get My Attention

A couple days ago, I let it be known on LinkedIn that I had taken a new position as the Director, Information Security at Esterline Technologies. Then I got a bunch of private messages from sales folks trying to sell … Continue reading

0Shares
Posted in Career, FUD, InfoSec, Life and Times | Tagged , , , , , | 1 Comment

Trolls

I hate it when I get caught by trolls. No, there is no new LinkedIn breach. I read the article and missed the date on it. Thanks Jayson Street for pointing out the date to me.  Facebook 0 Twitter 0 … Continue reading

0Shares
Posted in InfoSec | Tagged , , | Comments Off on Trolls

Information Security and Tanks

Not too long ago my good friend, Michael Farnum, invited me to be the closing speaker at HouSecCon. I told him I would love to … then he asked me to give a talk that involved my military experience and … Continue reading

0Shares
Posted in Career, InfoSec, Life and Times, Military | Tagged , , , | Comments Off on Information Security and Tanks

Emergency Preparedness and Cyber Security

This week I had the opportunity to be the plenary speaker for the Alaska Homeland Security Preparedness Conference. It was a great chance to talk to folks who worry about terrorism and natural disasters and convey to them the impact that … Continue reading

6Shares
Posted in Conferences, CyberWar, InfoSec, Security | Tagged , , , | Comments Off on Emergency Preparedness and Cyber Security

Do The Security Basics Well ….. AGAIN (and again, and again)

I’m not really sure what it is going to take for people to do Information Security basics well. Just how many multi-million credit card breach, PLA attacks a hospital company, hacktivists use insider to breach you headlines is it going … Continue reading

0Shares
Posted in Career, InfoSec, Security | Tagged , , , | Comments Off on Do The Security Basics Well ….. AGAIN (and again, and again)

The Threat & Vulnerability Management Maturity Model Arrives

If you follow my blog, you know the Threat & Vulnerability Management Maturity Model has been in the works for a while now. I’m happy to report the full model has finally been published in Core Security’s latest white paper. What’s … Continue reading

18Shares
Posted in InfoSec, Security, Vulnerability Management | Tagged , , , , , , | Comments Off on The Threat & Vulnerability Management Maturity Model Arrives

Another Preventable Breach

Another entry in the “Preventable Breach” and “We could have prevented this” columns. This appears to be all about change and configuration management. An area that really needs some work, clearly. Brian Krebs announced last night that there has been a … Continue reading

0Shares
Posted in InfoSec, Security, Vulnerability Management | Tagged , , , , | Comments Off on Another Preventable Breach

Year One

It’s the end of Year One at Core Security. Time really flies when you’re having fun. I’ve been here for 12 months now, and a couple days, and I guess I should do the “looking back after the first year” … Continue reading

0Shares
Posted in Career, Cigars, InfoSec, Security, Vulnerability Management | Comments Off on Year One

The Maturity Model … Matures

We are making good progress with the Vulnerability Management Maturity Model now. We have a very nice looking graphic that aligns activity across each stage of maturity. Next steps include demonstrating the business value of improving maturity, providing an assessment … Continue reading

0Shares
Posted in InfoSec, Risk Management, Security, Vulnerability Management | Tagged | Comments Off on The Maturity Model … Matures

Vulnerability Management Maturity Model

I’ve been working on this for a couple months now. Basically, we all know the truth of the matter is that intrusions happen because we security guys are not able to patch the things that matter, fix the areas that intruders … Continue reading

1Shares
Posted in Conferences, InfoSec, Security, Vulnerability Management | Tagged , , , , , | Comments Off on Vulnerability Management Maturity Model