Sure, we’d like to merge with your company but geez, have you looked at your security posture lately? Uggh. I don’t know if I could be seen in public with your kind let alone acquire your type. We’re wary as…
Latest stories
Defense in Depth: Machine Learning Failures
Is garbage in, garbage out the reason for machine learning failures? Or is there more to the equation? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO…
Garbage In, Garbage Out is NOT Why Machine Learning Fails
At the RSA 2019 Conference I spoke with Davi Ottenheimer (@daviottenheimer), product security at MongoDB, about where and why machine learning falls short. One might assume garbage in, garbage out, but who determines what’s garbage and what’s not can greatly…
All Aboard the 5G Paranoia Train
We’re getting excited and stressed out about the impending 5G network that appears will control our lives and all our cities. Will it be as exciting, productive, and lacking of security protocols as we expect? We discuss that and more…
How Much Damage Can the Network at a Hacker Conference Take?
For a normal organization, it would be a year’s worth of malicious traffic. At the Black Hat conference, their network sees the same in about two days. That’s what Neil “Grifter” Wyler (@Grifter801) said about the network behavior he sees…
Defense in Depth: Software Fixing Hardware Problems
As we have seen with the Boeing 737 MAX crashes, when software tries to fix hardware flaws, it can turn deadly. What are the security implications? Check out this post and discussion for the basis of our conversation on this week’s…
25 Tips to Reduce the Frustration of Vulnerability Management
Vulnerability management (VM) has become synonymous with frustration. Breaches often result from exploited vulnerabilities that are known, yet not patched. The compromise was avoidable. Why couldn’t we stop it? The problem stems from security “trying to manage a mountain of…
Do You Know the Secret Cybersecurity Handshake?
We get the feeling that as we’re adding more solutions and requiring more certificates, we’re just making the problem of finding great security talent harder and harder. Has the problem of not enough talent become an issue that we created?…
Defense in Depth: Tools for Managing 3rd Party Risk
Are there any good tools that really help to manage third-party risk? Can tools alone solve this problem? What else is required? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David…
What Do Security Vendors Say or Do That Sets Off Your BS Detector?
Due to the popularity of my article, “30 Behaviors of Security Vendors That Set Off a CISO’s BS Detector” I decided to ask the same question to security experts at the Security BsidesSF conference, just ahead of the RSA Conference…