Managing Information Security On a Limited Budget

The recent government shutdown got me thinking about budgets and information security. Having just submitted a proposal to a small business myself, I am asking the question: What is best practice for small or mid-sized business (SMB) information security? Every SMB is going to have a limited budget. This ...

Building a Security Start-Up

Connecting the Dots
If only building a security start-up was as predictable as transitioning from caterpillar to butterfly! But, it's not. Unfortunately it usually requires many turns and corresponding changes. Consider companies like Blackberry, once a ubiquitous handset provider, now an enterprise security provider. Or Radware, once a load balancing product ...

Cybersecurity Risk Management for Directors

There are many posts on corporate directors' responsibilities toward the organizations where they are board members. In fact, corporate directors themselves may be targets for hacktivists or cybercriminals and need to make sure they have adequate protection. This protection should include both home and professional office. Directors obviously will have ...

Should Your CIO Learn to Code?

This topic came up because of two recent headlines and one new book. The first was the news that the now former Equifax CISO was a music major, without formal college-level tech or security training. The second was the recent article in the WSJ highlighting Bank of America's ...

How IT Leaders Can Keep a Seat at the Table

In this era of digital disruption, business leaders are turning to technology to keep up. But, will they continue to turn to traditional IT leaders to map out the future? This is the question addressed by Mark Schwartz's new book A Seat at the Table. Mr. Schwartz engagingly analyzes ...

Equifax points out again the need for speed in security management

The Equifax data breach illustrates again the need for speed in security management. If the breach was through a known vulnerability, we wonder why wasn't it patched? If through another path, we wonder why wasn't the attack detected? We have so many incident and event management tools for ...

Anatomy of a Security Breach

In recent Information Security news, The Wall Street Journal reported on the upcoming trial of an alleged botnet master. The trial is in progress now. It is not often that we get a look at the details of a computer security breach, but in this case at least some details ...

The Smartest Information Security Companies

Every year, MIT Technology Review publishes its list of the 50 smartest companies. This year, two information security companies made the list, along with big-time players like Amazon, SpaceX, etc. TR doesn't publish the detailed selection criteria, but they include things like: ability to dominate the chosen market ...

Book Review: Play Bigger

Play Bigger is a new book by entrepreneurs for entrepreneurs (2016, Harper Business). The authors' theme is that today's markets are so crowded that you cannot rely on niche marketing into white spaces; you have to create your own white spaces, or categories. The goal is to be ...

Long Term Beneficiaries of WannaCry

The current worldwide attack from WannaCry is going to have lasting impact for information security. The question is: what will that be and who will benefit? In this blog post I will take a contrarian viewpoint and suggest that it will not be beneficial to security practitioners or security businesses ...