Bullet Resistant Cybersecurity Advice

image of a woman looking through a broken car window

In the beginning of Andrew Carnegie’s famous book, How to Win Friends and Influence People, he tells the story of safety inspector George Johnston. Johnston’s job was to get people to wear hard hats at construction sites. He would tell them, with the force of his authority, that they should wear their hats — even […]

The Top 10 Best Cybersecurity Strategies

After reading the great list of the Top 10 Worst Cybersecurity Strategies from Matthew Rosenquist I started thinking about what a similar list might look like for best cybersecurity strategies. We often focus on what not to do in cyber…and this makes sense, it’s more efficient to avoid problems. Where is the advice on what […]

The 60 Questions To Ask Before You MSSP Your SOC

Next week, I’ll be giving a talk “To MSSP or Not to MSSP: Some SOC Questions” at Educause Security Professionals. I’ve never met anyone who has said they love their MSSP. My team and I have been through several POCs with MSSPs, and have used several SOCs with various results. I don’t think there is […]

Culture Eats Cybersecurity For Breakfast

EGG LOCKS

Eggo Waffles weren’t always called Eggo Waffles. In the 1950s, in the boom that followed World War II, Americans began a love affair with frozen foods. Frank Dorsa and his three brothers in San Jose California had been running a highly popular mayonnaise business and had expanded into powdered waffle mix, but demand for their […]

Unsolicited Advice For Solicitors: Part Deux – An Unexpected Calendar Entry

I got a calendar invite from a vendor this week. Several of my colleagues were included, but not ones that I would normally meet with. I had never met this vendor before. I had never exchanged emails with this salesperson. I checked with my colleagues and none of them had ever had a conversation with this individual either. As I […]

What Toys R Us Taught Me About Growing Up

When I was in high school, I got a job working at Toys R Us. It was one of the best jobs I ever had, and to this day I still think about all of the lessons I learned about service to others, responsibility, and integrity. My secret ambition was to be able to wear […]

The Funny Thing About Blind Spots

When I was in college, I got a job one summer at a comedy club. It wasn’t as glamorous as it sounds. I didn’t get to meet any comedians. My job was essentially a telemarketer. I would call people who had attended previous shows and tell them they had won free tickets to see the […]

The Best Job I Ever Had

“Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing.” -Hellen Keller In honor of Labor Day, I’ve been reflecting on my career […]

Cybersecurity New Years Resolution

I don’t normally make New Year’s resolutions. But when I do, I start them in March. As you may have noticed, I decided to start blogging again. I published a book last year on cybersecurity for the layperson (managers, salespeople, executives) and I knew I wanted to begin writing a sequel. I didn’t have a theme […]

Cybersecurity Training Scars

There’s an old story in law enforcement circles that comes from the era of revolvers. During practice, officers would dump their spent brass cartridges into their hand after shooting a round rather than letting the brass fall to the floor where other people might slip and fall on it. Officers would then take the time to put […]

An OSI Model for Security Awareness

There are two parts of every great performance: the outer game and the inner game. Most books on coaching focus on the outer game. The outer game is what happens on the field. What sport are you playing? What plays are happening? What techniques are you using to hold or hit the ball? How do […]

It’s Always Sunny In Cybersecurity

In ancient times when there was a total eclipse, many people believed that evil was taking over the world. In those days, before telescopes or astronomy, people believed that the sun was some sort of god: the Greeks called this god Helios and the Egyptians called him Amun-Ra. The idea that a god could be […]

Cybersecurity Secret Santa

One year, I asked for a video game for Christmas. This was back when video games still had cartridges and came in a very distinctive package. So when I saw this familiar shape with some Santa Claus wrapping paper around it, I knew I had gotten what I wanted. I usually had two hours after […]

Abundant Cybersecurity

I was talking with a fellow CISO at a conference recently and she said something that resonated with me. She had just acknowledged that she wasn’t fully staffed and that her budget was down slightly. “But we’re doing better than we ever have,” she explained. It took a few weeks for me to process this, […]

The Nine Habits of Highly Effective Cybersecurity People

I was interviewing a manager recently about his department’s cybersecurity practices when I asked him whether they lock their paper records up at night. He said yes, they keep their files locked at all times, not just at night. I pointed to the filing cabinet in his office, where they key was still sticking out […]

Cybersecurity Role Models

Every time I interview a candidate, I ask, “Who is your role model in cybersecurity?” Some candidates name famous hackers, like Kevin Mitnick. Others choose well-known journalists like Brian Krebs or a prolific writers like Bruce Schnier. One candidate said their role model was Neo from the Matrix movies. There isn’t any right answer to this […]

You’re Fired – Cybersecurity Apprentice

You’re fired. No, this isn’t about a politician’s catchphrase. It’s actually something I overheard at a conference last year. I was listening to two people sitting near me talk about a security incident that had happened at the woman’s company. “He should be fired,” was the other person’s immediate response. This makes me wonder if […]

Security Awareness Training, Now With Personality!

I had the opportunity a couple of months ago to meet Kevin Finke at a conference. Kevin isn’t a security guy, he’s a self described design nerd. But Kevin has changed the way I look at my security awareness program. We talk a lot about how we need to “revolutionize” our security awareness programs, but […]

The Next Generation of Security Professionals

Yes…that’s me and my wife, hanging out with Jeordi LaForge (LeVar Burton), Dr. Beverly Crusher (Gates McFadden), and Mr. Data (Brent Spiner).  Trek yourself before you wreck yourself. In The War of Art, Steven Pressfield says that the difference between an amateur and a professional is that the professional has a plan. According to CSO […]

Unsolicited Advice For Solicitors

“These are the new leads. These are the Glengarry leads. And to you they’re gold, and you don’t get them. Why? Because to give them to you is just throwing them away. They’re for closers.” –Glengarry Glen Ross This past week I got around 70 cold calls or emails from vendors I’ve never worked with […]