All these vulnerabilities, rarely matter.

There is a serious misalignment of interests between Application Security vulnerability assessment vendors and their customers. Vendors are incentivized to report everything they possibly can, even issues that rarely matter. On the other hand, customers just want the vulnerability reports that are likely to get them hacked. Every finding beyond ... Read More
My next start-up, Bit Discovery

The biggest and most important unsolved problem in Information Security, arguably all of IT, is asset inventory. Rather, the lack of an up-to-date asset inventory that includes all websites, servers, databases, desktops, laptops, data, and so on. Strange as it sounds, the vast majority of organizations with more than even ... Read More
SentinelOne and My New Role

Two years ago, I joined SentinelOne as Chief of Security Strategy to help in the fight against malware and ransomware. I’d been following the evolution of ransomware for several years prior, and like a few others, saw that all the ingredients were in place for this area of cyber-crime to ... Read More
The Ad-Tech Industry Must Finally Admit That Their Product (Ads) is Dangerous

How would you react if I told you that computer security experts are six times more likely to run just an ad blocking software on their PCs, over just anti-malware? Would you be surprised? That was the result from a Twitter poll I conducted last year, in which more than ... Read More

InfoSec warranties and guarantees

This is a living list of InfoSec companies who offer warranties and guarantees on their various products and services. If you know of others that should be on the list, please comment. Cymmetria, KnowBe4, AsTech Consulting (press release), Vigilance / Qualys (terms), Waratek, SentinelOne, Trusona, WhiteHat Security, Symantec & Norton (money-back), McAfee (money-back), Trustwave HIPAA Secure New, Forcepoint, Avira, Proofpoint, DigiCert Comodo, Armor, Verizon (100% ... Read More

InfoSec Start-up Advising and Product Recommendations

As a long-time InfoSec veteran and entrepreneur, I’m often asked by company founders to join their advisory board and lend a hand. Sometimes the founders need someone with experience they can trust to bounce ideas off of, provide guidance on how to scale their business, point out the many pitfalls ... Read More

What keeps me in the security industry

It’s common for long-time information experts like myself to be asked what keeps us in the security industry. Some say it’s a good stable job that nicely pays the bills. Others find the work interesting and enjoy the constant intellectual challenge. Some like the people, the community, the culture, ... Read More

I’m joining the fight against malware and ransomware with SentinelOne

Today is a big day for me. I’m contributing to a company called SentinelOne, but I really don’t think of it as a job. I’ve accepted an opportunity to work side by side with other brilliant and highly motivated people where we’re all helping to solve important and challenging InfoSec ... Read More