Protecting Your Kids Online

The More You Know . . . Picture it—Texas, 1985: A scrawny, neurotic eight-year-old asks her dad for help with her homework. The assignment? Design a Fire Safety Plan for your home and family. My dad is former military. He was, to put it mildly, rigorous about rules and safety, so my plan was the […]

The Five Best TED Talks on Cybersecurity

It’s been a long year since the pandemic began, and one of the things that I’ve missed most has been the opportunity to be able to attend our local TED talks or to hear my cyber peers share their important perspectives on cyber with the TED audiences. With that in mind, I thought I’d share […]

Make Cybersecurity Easy With Tiny Habits

Have you ever been told to never write your password down? Or never use social media? Don’t click on links? Never use Wi-Fi at a coffee shop? Cybersecurity should be easy, but sometimes advice like this makes it seem hard. We think cybersecurity can be easy; you just need to build habits. There are […]

The Inside Story of How The Girl Scouts Created Their Cybersecurity Merit Badges

In June 2017, I was in Vancouver, British Columbia, attending Palo Alto Networks’ annual cybersecurity conference, Ignite. Typically, the focus is on in-depth technical challenges and on how customers are solving those problems using Palo Alto’s technology, but something different happened in 2017. During the opening keynote, Mark McLaughlin, who was the CEO of Palo […]

Cybersecurity Mythbusters – Biggest Phisher Edition

You should always expect to get a phishing message. Or at least that’s what we tell people. That is the solution to all our phishing problems, right? Actually, I think this has turned out to be another one of those myths that we tell ourselves in the cybersecurity world. And to protect our communities effectively, […]

Cybersecurity’s Pepsi Challenge

I’ve been thinking a lot lately about one of the most famous marketing campaigns of all time, the Pepsi Challenge. But this isn’t an article about soft drinks, or marketing agencies. This article is about cybersecurity awareness and how we need something better. If you’ve never taken the Pepsi Challenge, let me describe it for […]

Phishing Fair Can Build Trust

I was talking with some colleagues on LinkedIn recently about simulated phishing. A company last week used a particularly tone-deaf simulated phishing message at a company struggling during the COVID-19 pandemic. Employees had been furloughed, salaries were cut, so when a simulated phishing message claiming to offer bonuses was sent, the employees were furious. […]

Bullet Resistant Cybersecurity Advice

In the beginning of Andrew Carnegie’s famous book, How to Win Friends and Influence People, he tells the story of safety inspector George Johnston. Johnston’s job was to get people to wear hard hats at construction sites. He would tell them, with the force of his authority, that they should wear their hats — even […]

The Top 10 Best Cybersecurity Strategies

After reading the great list of the Top 10 Worst Cybersecurity Strategies from Matthew Rosenquist I started thinking about what a similar list might look like for best cybersecurity strategies. We often focus on what not to do in cyber…and this makes sense, it’s more efficient to avoid problems. Where is the advice on what […]

The 60 Questions To Ask Before You MSSP Your SOC

Next week, I’ll be giving a talk “To MSSP or Not to MSSP: Some SOC Questions” at Educause Security Professionals. I’ve never met anyone who has said they love their MSSP. My team and I have been through several POCs with MSSPs, and have used several SOCs with various results. I don’t think there is […]

Culture Eats Cybersecurity For Breakfast

Eggo Waffles weren’t always called Eggo Waffles. In the 1950s, in the boom that followed World War II, Americans began a love affair with frozen foods. Frank Dorsa and his three brothers in San Jose, California had been running a highly popular mayonnaise business and had expanded into powdered waffle mix, but demand for their […]

Unsolicited Advice For Solicitors: Part Deux – An Unexpected Calendar Entry

I got a calendar invite from a vendor this week. Several of my colleagues were included, but not ones that I would normally meet with. I had never met this vendor before. I had never exchanged emails with this salesperson. I checked with my colleagues and none of them had ever had a conversation with this individual either. As I […]

What Toys R Us Taught Me About Growing Up

When I was in high school, I got a job working at Toys R Us. It was one of the best jobs I ever had, and to this day I still think about all of the lessons I learned about service to others, responsibility, and integrity. My secret ambition was to be able to wear […]

The Funny Thing About Blind Spots

When I was in college, I got a job one summer at a comedy club. It wasn’t as glamorous as it sounds. I didn’t get to meet any comedians. My job was essentially a telemarketer. I would call people who had attended previous shows and tell them they had won free tickets to see the […]

The Best Job I Ever Had

“Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing.” -Helen Keller In honor of Labor Day, I’ve been reflecting on my career […]

Cybersecurity New Years Resolution

I don’t normally make New Year’s resolutions. But when I do, I start them in March. As you may have noticed, I decided to start blogging again. I published a book last year on cybersecurity for the layperson (managers, salespeople, executives) and I knew I wanted to begin writing a sequel. I didn’t have a theme […]

Cybersecurity Training Scars

There’s an old story in law enforcement circles that comes from the era of revolvers. During practice, officers would dump their spent brass cartridges into their hand after shooting a round rather than letting the brass fall to the floor where other people might slip and fall on it. Officers would then take the time to put […]

An OSI Model for Security Awareness

There are two parts of every great performance: the outer game and the inner game. Most books on coaching focus on the outer game. The outer game is what happens on the field. What sport are you playing? What plays are happening? What techniques are you using to hold or hit the ball? How do […]

It’s Always Sunny In Cybersecurity

In ancient times when there was a total eclipse, many people believed that evil was taking over the world. In those days, before telescopes or astronomy, people believed that the sun was some sort of god: the Greeks called this god Helios and the Egyptians called him Amun-Ra. The idea that a god could be […]

Cybersecurity Secret Santa

One year, I asked for a video game for Christmas. This was back when video games still had cartridges and came in a very distinctive package. So when I saw this familiar shape with some Santa Claus wrapping paper around it, I knew I had gotten what I wanted. I usually had two hours after […]