The True Scope of Posture Management
What's the true scope of posture management? You'll know you're on the right path when the security org is more focused on Prevention Engineering than on Detection (and Response) Engineering.
paradigmshifts
16 posts
Cybersecurity is a System
China found out the hard way that no one escapes the interdependencies of complex systems. We make the same mistakes in cybersecurity today.
From the Recorded Future Podcast: A Conversation with CISO Jason Steer About Identity Security
From my conversation with Recorded Future, two short, essential videos about identity security: how we got here, why it matters, and why it's so hard to do well.
What England’s Underwhelming Team of Football All-Stars Can Teach Us About Cybersecurity
If you want to understand the platform vs best-of-breed debate, look no further than England's football team.
Microsoft CVEs, MITRE ATT&CK, and what Secure by Design Cannot Fix
Did you know that 70% of Microsoft CVEs between 2006-2018 were memory safety bugs? How hardware Secure by Design can help...and how it can't.
The Identity Lesson You Must Learn From Midnight Blizzard
Endpoint security is not the fulcrum around which you should be building. You'll miss a lot if you do.
The Fish, the Fishbowl, and All the Things We Thought We Knew
The fishbowl distorts perception, but in a way which confirms our biases. How does this hurt us in security and transformation, and what should we do about it?
It’s Time to Retire “Attackers Only Have to be Right Once; Defenders Have to be Right 100% of the Time”, and Here’s Why
Along with "people are the weakest link", this phrase has been shaping unhealthy cultures in security for years. It's time to stop saying it, and here's why.
G before RC
The order of the letters in "GRC" is not arbitrary. If you don't Govern your environment well, you cannot manage Risk and Compliance well.
What Moves the Cyber Resilience Needle the Most? It’s Probably Not What You Think
It's simple, but it's not easy: if you change the tech but not the culture, none of the gains you realize in the short term will be sustainable in the long term.