Unless you went very dark for an extended holiday break, you are no doubt very well aware of the United States’ targeted killing of Iranian General Qasem Soleimani on January 3rd. This blog is based on a tweetstorm I wrote on Friday afternoon in response to the killing. A follow-up blog provides me the flexibility […]
I recently joined our ShadowTalk podcast to discuss 2019 planning and prioritization. If you listen, you will notice that I’m loath to refer to January planning as “New Year’s resolutions” since you know what happens to those resolutions. Three weeks into the month, they have faded into your distance memory. Quick question though, if you […]
Today, the 11th edition of the Verizon Data Breach Investigations Report (DBIR) has been released. This year’s report includes 53,308 security incidents, 2,216 data breaches, 65 countries, and 67 contributors. I participated in a panel discussion with the Verizon team on BrightTALK earlier today. Listen to the recording here. The DBIR is one of the […]
Last week, Enterprise Strategy Group (ESG) principal analyst, Jon Oltsik, wrote an article for CSO titled: “RSA Conference: CISOs’ top 4 cybersecurity priorities.” Jon highlighted four areas that security executives will be looking for at next week’s RSA Conference: Executive-level threat intelligence (Jon highlighted Digital Shadows (now ReliaQuest) in this category) Integrated security platforms Business […]
Well it is official, I’m now the Chief Information Security Officer here at Digital Shadows (now ReliaQuest). It has been while since I was on the practitioner side of the house and my days defending networks at the University of Texas at Dallas seems like ages ago. When I was at Forrester Research, I often […]
Earlier today it was revealed that the United Kingdom’s National Health Service was targeted by ransomware known as “WannaCry.” Sixteen NHS organizations were impacted by the attack, and victims have spread across the globe and will likely continue to do so. WannaCry takes advantage of SMB vulnerabilities in Windows, using the ETERNALBLUE exploit which was […]
In my previous blog, “Trump and Intelligence: 6 ways to deal with challenging intelligence consumers,” I focused on six ways to effectively communicate and tailor intelligence to uninformed and/or difficult executive audiences. I want to make this a blog series and expand upon some of my guidance from that blog. I am cheating a bit; […]
Last week, the great Mike Rothman (of Securosis fame) and I did a webinar titled: “Building a Strategic Threat Intelligence Program.” Mike is a great person to collaborate with; he has great advice, especially when it comes to building security programs. Our conversation was framed around recent Securosis threat intelligence research and you can get […]
Last week Verizon released the 2016 Data Breach Investigations Report. If you haven’t read it yet, I highly recommend that you do so; the Verizon DBIR should be on everyone’s reading list. I have provided my thoughts on previous DBIR reports and want to do the same this year. The data for the 2016 DBIR […]
Let’s face it, many organizations have their heads in the sand. In some cases this choice is a deliberate one; the temperature down there is cool and your face gets exfoliated. Skin care for the win! I cannot count the number of times I’ve heard security leaders say that they would rather be unaware of […]