Iranian Cyber Threats: Practical Advice for Security Professionals

Unless you went very dark for an extended holiday break, you are no doubt very well aware of the United States’ targeted killing of Iranian General Qasem Soleimani on January 3rd. This blog is based on a tweetstorm I wrote on Friday afternoon in response to the killing. A follow-up blog provides me the flexibility […]

CISO Spotlight: Security Goals and Objectives for 2019

I recently joined our ShadowTalk podcast to discuss 2019 planning and prioritization. If you listen, you will notice that I’m loath to refer to January planning as “New Year’s resolutions” since you know what happens to those resolutions. Three weeks into the month, they have faded into your distant memory. Quick question though, if you […]

Leveraging the 2018 Verizon Data Breach Investigations Report

Today, the 11th edition of the Verizon Data Breach Investigations Report (DBIR) has been released. This year’s report includes 53,308 security incidents, 2,216 data breaches, 65 countries, and 67 contributors. I participated in a panel discussion with the Verizon team on BrightTALK earlier today. Listen to the recording here. The DBIR is one of the […]

One CISO’s Recommendations for Making the Most of RSA Conference Sessions

Last week, Enterprise Strategy Group (ESG) principal analyst, Jon Oltsik, wrote an article for CSO titled: “RSA Conference: CISOs’ top 4 cybersecurity priorities.” Jon highlighted four areas that security executives will be looking for at next week’s RSA Conference: Executive-level threat intelligence (Jon highlighted Digital Shadows (now ReliaQuest) in this category) Integrated security platforms Business […]

A New CISO Looking to See How Deep the Rabbit Hole Goes

Well, it is official: I’m now the Chief Information Security Officer here at Digital Shadows (now ReliaQuest). It has been a while since I was on the practitioner side of the house, and my days defending networks at the University of Texas at Dallas seem like ages ago. When I was at Forrester Research, I often […]

WannaCry: The Early 2000s Called, They Want Their Worms Back

Earlier today it was revealed that the United Kingdom’s National Health Service was targeted by ransomware known as “WannaCry.” Sixteen NHS organizations were impacted by the attack, and victims have spread across the globe and will likely continue to do so. WannaCry takes advantage of SMB vulnerabilities in Windows, using the ETERNALBLUE exploit which was […]

Two Ways to Effectively Tailor Your Intelligence Products

In my previous blog, “Trump and Intelligence: 6 ways to deal with challenging intelligence consumers,” I focused on six ways to effectively communicate and tailor intelligence to uninformed and/or difficult executive audiences. I want to make this a blog series and expand upon some of my guidance from that blog. I am cheating a bit; […]

5 Takeaways From The “Building A Strategic Threat Intelligence Program” Webinar

Last week, the great Mike Rothman (of Securosis fame) and I did a webinar titled: “Building a Strategic Threat Intelligence Program.” Mike is a great person to collaborate with; he has great advice, especially when it comes to building security programs. Our conversation was framed around recent Securosis threat intelligence research and you can get […]

Analyzing the 2016 Verizon Data Breach Investigations Report

Last week Verizon released the 2016 Data Breach Investigations Report. If you haven’t read it yet, I highly recommend that you do so; the Verizon DBIR should be on everyone’s reading list. I have provided my thoughts on previous DBIR reports and want to do the same this year. The data for the 2016 DBIR […]

Moar Sand!

Let’s face it, many organizations have their heads in the sand. In some cases this choice is a deliberate one; the temperature down there is cool and your face gets exfoliated. Skin care for the win! I cannot count the number of times I’ve heard security leaders say that they would rather be unaware of […]