Connect/Okta and Identity Sync Hardening
One area commonly overlooked (by defenders, but not by attackers) is identity sync infrastructure. If you harden your AD but don't do this, you are wasting your time.
The Fish, the Fishbowl, and All the Things We Thought We Knew
The fishbowl distorts perception, but in a way that confirms our biases. How does this hurt us in security and transformation, and what should we do about it?
Business Leaders: How to Help the Technologists to Help You
We all sometimes need to be reminded that security risk is not the only risk, and sometimes not even the most important risk, that a business faces.
It’s Time to Retire “Attackers Only Have to be Right Once; Defenders Have to be Right 100% of the Time”, and Here’s Why
Along with "people are the weakest link", this phrase has been shaping unhealthy cultures in security for years. It's time to stop saying it, and here's why.
What Should be the North Star for Your Career Focus?
What voice do you want to have in the world? Never, ever give yourself so fully to what you're doing now that it undermines your development into who you want to become.
G before RC
The order of the letters in "GRC" is not arbitrary. If you don't Govern your environment well, you cannot manage Risk and Compliance well.
What Moves the Cyber Resilience Needle the Most? It’s Probably Not What You Think
It's simple, but it's not easy: if you change the tech but not the culture, none of the gains you realize in the short term will be sustainable in the long term.
When To Say No To A Good Opportunity
Sometimes an opportunity looks and feels right, but it isn't. Here's how you can tell the difference.
Azure Has A Kerberos Problem, But It’s Not The One You Think
Blaming Azure for Kerberos exploits isn't a hot take—it's nonsense. Focus on the real root causes instead (which are different than you might think).
Integrating Threat Modeling with DevOps
Because DevOps has effectively joined the Operational and Dev domains, it introduces security dependencies which neither domain had to consider before.