Log4j Memo to the CEO, CFO and other CXOs

security posture
If you are the CEO, CFO or CXO of a major corporation, you are probably aware of Log4j, and perhaps perplexed by the unprecedented impact it has had on your infosec and IT teams. You might be wondering how Log4j is different from vanilla cybersecurity issues. Perhaps you are waiting ... Read More
Is It Time to Rethink That Cybersecurity Data Lake?

You have probably heard the story of the kid who had everything but was still sad. Here is a tale of a CISO who has everything but is still very unhappy because she can’t quantify her organization’s cyber risk… Our CISO’s organization has invested in dozens of cybersecurity tools in ... Read More
Colonial Pipeline Surprise Attack? No Really…

security posture
The media is abuzz with the news of the main fuel supply line to the U.S. East Coast being shut down after the pipeline’s operator, Colonial, suffered what is believed to be the largest successful cyberattack on oil infrastructure in the country’s history. Was the infosec industry surprised? If you ... Read More
The Need for Speed in Cybersecurity

Friday is my favorite day of the week. This is the day I set aside to connect with CISOs in Balbix’s advisory council, in our customer base, and in the broader industry. These are not selling sessions – instead they are about listening, introspecting, and brainstorming. My objective is to ... Read More
What Do White Chocolate Macadamia Nut Cookies Have to Do With Cybersecurity Posture?

security posture
Picture this. You walk into the kitchen. On the counter is a beautiful charcoal gray plate. And right in the center of the plate is a perfectly round cookie. You are tempted, of course. You reach for the cookie, take a bite, and close your eyes in anticipation of a ... Read More
Operationalize the NIST Cybersecurity Framework Without Pulling All Your Hair Out (Part 2 of 3)

security posture
This is Part 2 of a 3-part blog on how to use the NIST cybersecurity framework without getting bogged down and lost in the minutiae of the specification documents. Part 1 can be found here, and we recommend you read this piece first if you have not already done ... Read More
7 Reasons to be Thankful for Your Cybersecurity Team

cyber resilience
Enterprise cybersecurity teams do more than keep organizations safe. At its core, the information these folks secure is about people — customers, employees, partners. So, keeping organizations secure ultimately means securing people’s digital lives. Cybersecurity teams are usually only acknowledged when something goes wrong. Yet for every cyber breach, there ... Read More
Operationalize the NIST Cybersecurity Framework Without Pulling All Your Hair Out

If you are reading this, you may have decided to upgrade your ad-hoc cybersecurity program to be compliant with the NIST Cybersecurity Framework. Your CEO or audit committee might have asked about this, or perhaps one of your CISO-friends suggested this. First off, you should know that your cybersecurity program ... Read More