RSA 2019: Has Zero Trust Become an Impediment?
RSA CEO Rohit Ghai and former Chief Strategy Officer Niloofar Razi Howe’s keynote today could have been re-titled “Standing in the Bleak Landscape of Zero Trust.” It has become an impediment, they...
Infosecurity Magazine Online Summit North America: IAM Panel on March 27
I’ll be speaking at the Infosecurity Magazine Online Summit North America on an IAM panel at 3:00 PM EST March 27. I’ll be on with Diana Kelley (Cybersecurity CTO, Microsoft) and Paul Simmonds (CEO,...
Active Directory Audit: Why and How
Why is 1:00 PM EST March 26 important? That’s when I’ll be presenting an Active Directory Audit webinar. The figure below features some of the issues I’ll be covering that motivate audit. A brief...
Helping CISOs and Board Members Communicate on Risk: A Shared Assessments...
Returning from the Shared Assessment Summit 2019 last week, I was struck by one repeated message: CISOs and Board of Directors members are still struggling to assess and communicate risk. Early in the...
Rational Cybersecurity Q2 Update
Since launching the Rational Cybersecurity for the Business book project to kick off the New Year, I’ve made great progress, completing more than 20 security leadership interviews, and drafts for 5 of...
Could a Global Reputation System Restore Trust to Business and Governance?
“A global reputation system will restore trust,” said RSA CEO Rohit Ghai during a keynote presentation I reviewed at RSA 2019. In the same way that whitelisting is more effective than blacklisting in...
Mastering Hybrid Active Directory Auditing Webinar: June 11
Hybrid Active Directory Auditing seems like a topic no one is covering – until now! Please sign up with BeyondTrust for my June 11, 2019 | 1:00 PM – 2:00 PM ET webinar to learn more. All too often...
The Rise of Identity, Access and Authentication in Security Webinar
Why is identity perhaps the most critical security subject matter domain today? What do you think? Hint: Take a look at the consequences and causes of most breaches. Also, tune in to hear me cover the...
Building Practical IGA in the Cloud Era (NYC August 15)
Identity Governance and Administration (IGA) and Privileged Account Management (PAM) need a makeover for cloud computing. During a recent consulting engagement, I took a deep dive into Cloud IGA and...
Rational Cybersecurity Q3 Update
Since my Q2 update on the Rational Cybersecurity for the Business book project I’ve continued to forge ahead, completing another 3 draft chapters. My goal is to get to final draft (after rewrites)...
Audit Active Directory to Reduce Risks from Privileged Users (webcast)
Do you think that Active Directory privileged management practices may pose risks to your organization? If so, please register for my webcast on September 12! Title: How to Audit Active Directory to...
Did Capital One Respond Well to an “Erratic” Data Breach?
On July 19, Capital One Financial Corporation determined it had sustained a data breach of over 106 million user records due to a cyberattack by a user named “Erratic” on Twitter. The company announced...
Is PAM the Weakest (Missing) Link in Your Cloud Security Strategy? (Webcast)
Do you think privileged access management (PAM) for cloud services, DevOps, and service accounts may need improvement? If so, please register for my webcast on October 23! Title: Is PAM the Weakest...
Ineffective Response and Perverse Insurance Incentives Compound Ransomware...
Cybercriminals are mining a lucrative revenue source – ransomware. These attackers launch malware to encrypt digital files and demand bitcoin payment to unlock them. We know that local governments are...
Rational Cybersecurity Q4 Update
Since my Q3 update on the Rational Cybersecurity book project I’ve reached an important milestone. Take a look… My goal is to get to a final draft (after rewrites) before the year’s end. I’m also...
Shadow IT: Cultivating the Garden
Shadow IT is an explosion of cloud computing adoption for business use by employees and groups with no IT involvement. Shadow IT can lead to unintended and undesirable security risks, compliance...
How to Design a Break Glass Process in Privileged Account Management (PAM)...
Work with clients on a privileged account management (PAM) system design and you’ll soon need a PAM break glass process for emergency access when normal paths to the password, or secrets vault break...
Cybersecurity Deficit: More than a Skills Shortage
New Services to Cut the Cybersecurity Strategy Deficit: As 2020 gets underway, we’re excited to announce a more modular and agile cybersecurity, identity management, and risk management consulting...
Rational Cybersecurity Open Access Book Announcement
Exciting News: I found the perfect publisher for Rational Cybersecurity for the Business. Apress, a Springer Nature company, will be publishing my book in May 2020 through the ApressOpen program. This...
How to Assess Security Maturity and Make Improvements
Security maturity matters: You wouldn’t ask a small child to ride a bike without training wheels, or later to drive a car before his little legs could reach the brake pedal. But all too often, the...