Cyber Security Summit Blog

4.19.23 > Tony Sager I just checked – my first connection to the Minnesota Cyber Summit was in 2016 as a speaker. In fact, I think it was the first time I had ever set foot in the State of Minnesota. How the cyber-time flies (even if progress feels glacial!) I forget the details, but the connection between the non-profit Center for Internet Security and the Minnesota cyber community was triggered by Colonel Stefanie Horvath (now BGEN) of the MN National Guard. One thing led to another, and I was invited to give a talk at the event. (Making Best ...
Read More
4.17.23 > Milinda Rambel Stone Imagine. Imagine an organization that has visibility into its cybersecurity risks and actively makes sustainable, risk-based business decisions that are measurable and quantifiable. This idea is one that must be created. As an information security community, we need to drive this change for continued business and operational relevance. Design. We must first start by incorporating security risk in all business and technology decisions. Using an industry respected security control framework such as NIST SP 800-160 and engineering risk decisioning across your security control environment is a logical starting point. By proactively architecting and designing a ...
Read More
4.12.23 > Michelle Greeley As outsourced business models continue to rise in popularity, cybersecurity threats facing organization supply chains are growing unprecedentedly, requiring stringent third-party risk mitigation and the utmost awareness of management teams alike. Throughout 2022, companies spent over $700 billion on establishing or expanding outsource capabilities. Breaking this down by segment, IT outsource spending is expected to reach $519 billion in 2023, a 22% increase over 2019’s numbers. Similarly, business process outsource spending is forecasted to total $212 billion in 2023, an increase of 19% over 2019. The threat landscape of malware, ransomware, phishing attacks, and viruses ...
Read More
4.10.23 > Chris Buse Chief Information Security Officers (CISOs) face a daunting challenge: keeping abreast of and demonstrating compliance with constantly changing compliance requirements. CISOs frequently use the term “compliance bar”, which implies that there is a single set of regulatory guidance to pick up and read. That is not the case. A significant challenge is normalizing requirements from numerous state and national regulators, none of which use common nomenclature. In effect, every CISO must create and maintain his or her own compliance bar. The Bar Keeps Rising The common themes of regulators in the financial services sector are more granular ...
Read More
4.5.23 > Gregory Ogdahl In today's digital age, cyber threats are becoming increasingly sophisticated and frequent. Organizations must take a proactive approach to safeguard their data, systems, and networks against cyberattacks. A resilient, highly trained, and ready cyberspace operations and intelligence team is essential to achieve this objective. Building such a team requires a combination of strategic planning, recruitment, training, and retention efforts. In this brief article, I propose a few key concepts and ideas to build a resilient, highly trained, and ready cyberspace operations and intelligence team, to include minimizing attrition. Develop a comprehensive talent acquisition strategy The first ...
Read More
4.3.23 > David La Belle The internet was “officially” introduced to the public in 1993. Since then, the integration into society —along with the size, scope, and complexity of the systems — has been parabolic. And while the sophistication and abilities of the tools we use to protect our infrastructure have increased, the challenges we encounter when building and maintaining those systems are truly basic. Let’s take passwords for example. To appease the user and provide an “easy” experience, many password policies require a minimum of an eight-character password, which I (and a smart fifth grader) could crack, regardless of ...
Read More
3.29.23 > Paul Veeneman Occasionally I am asked, “How do you decide what to post on social media?” First, it was a learning experience, and second, posts, articles, or other submission of content always start by asking myself, “Is this relevant, informative, of value, and would I take 2 minutes out of my day to read it?” 120 seconds. In the world of 15-second sound bites, it might be asking a lot. Getting to know the audience, figuring out “for Whom” is a big part of the question. The Whos are a fictional community of joyful folk that live in ...
Read More
3.27.23 > Shawn Riley Can you name a job that does not use computer technology today? There are a few, but very, very few. The near ubiquitous usage of internet connected computer technology has blown the cyber challenges of today up hundreds-fold from only a couple decades ago. While this amazing growth in technology has simplified lives and brought new opportunities around the world, the major challenge this technology has brought is that it requires immense teams to secure it. Sadly, we don’t have anywhere near enough people to work the security problems. Workforce challenges across the cyber industry having ...
Read More
3.22.23 > Mary Frantz We are a global economy, and the internet has been a driving force in creating that economy. The internet is a vast information exchange environment that in the last three decades has grown exponentially from government- and business-focused usage to become a household necessity. Internet usage spans the entire socio-economic and demographic spectrum, and organizations and individuals worldwide depend upon stable and secure access to the internet to remain solvent, and in the case of individuals, physically survive. It has also almost eliminated physical distance from our ability to learn and grow using in-person communication, ...
Read More
3.15.23 > Loren Dealy Mahler As infosec leaders, we have a responsibility for securing our organizations, but we know that despite whatever mandate comes from the top, achieving 100% security is a pipe dream. We stress ourselves out searching for the silver bullet that will protect us from anything and everything, and we wear ourselves out searching for a new solution, a new technology, or a new vendor’s magic elixir. Despite this unrealistic goal, we keep telling ourselves it’s our responsibility to provide answers with clear, scientific accuracy. But what if we shift our thinking and acknowledge that while those ...
Read More