Is the ATT&CK Matrix the best model to build resiliency in your security team? What is the best way to take advantage of the ATT&CK framework and how do you square away conflicting data coming in from your tools. What…
Latest stories
Improve Security by Hiring People Who Know Everything
If you’re having a hard time securing your infrastructure, then maybe you need to step up the requirements for expertise. Why not ask for everything? We’re offering unreasonable advice on this week’s episode of CISO/Security Vendor Relationship Podcast. This episode…
Defense in Depth: Hacker Culture
The hacker community needs a new PR campaign. Far too many people equate hacker with criminal. But hacker is a mindset of how one approaches security. What is that approach and why are CISOs so attracted to hiring hackers? Check…
Just Click “Accept” As We Explain Informed Consent
Even if you do give “informed” consent, do you really understand what we’re doing with your data? Heck, we don’t know what we’re going to do with it yet, but we sure know we want a lot of it. It’s…
Defense in Depth: Bad Best Practices
All professionals like to glom onto “best practices.” But in security, “best” practices may be bad out of the gate, become useless over time, or they’re not necessarily appropriate for all situations. Stay tuned, we’re about to expose some of…
Who Are the Perfect Targets for Ransomware?
If you’ve got lots of critical data, a massive insurance policy, and poor security infrastructure, you might just be a perfect candidate to be hit with ransomware. This week and this week only, it’s an extortion-free episode of CISO/Security Vendor…
Defense in Depth: Cyber Harassment
Whether a jilted lover or someone trying to wield their power over another, cyber harassment takes many forms and it doesn’t stay in the digital world. It comes into our real world and gets very dangerous. What is it and…
Passwords So Good You Can’t Help But Reuse Them
We’ve just fallen in love with our passwords we just want to use them again and again and again. Unfortunately, some companies more interested in security aren’t letting us do that. We discuss on the latest episode of CISO/Security Vendor Relationship Podcast. This…
Defense in Depth: CISO Series One Year Review
The CISO/Security Vendor Relationship Podcast is now more than a year old. On this episode, the hosts of both podcasts, reflect on the series and we respond to listeners critiques, raves, and opinions. Check out this post and this post…
Please Don’t Investigate Our Impeccable Risk Predictions
It’s easy to calculate risk if no one ever checks the accuracy of those predictions after the fact. It’s all coming up on CISO/Security Vendor Relationship Podcast. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder…