When Security Metrics Miss The Point

After countless years of presenting to boards, executives, and colleagues, I’ve found that I’ve developed almost a split-personality when I’m asked about what metrics to track. The post When Security Metrics Miss The Point appeared first on Chronicles of a CISO ...
Two-factor Authentication Is Not Dead

I’ve had just about enough of the fear mongering and lazy ‘reporting’ that’s been in the press recently around how two-factor authentication is broken. I’m not sure about you, but the way the doomsday preachers in mass media have torn apart two-factor authentication lately really has me wondering about the ...
RSA Sales & Marketing Panel on Relationships

Commentary
For a number of years, I’ve had the honor of participating on the T.E.N. ISE® Sales and Marketing Breakfast panel at RSA. This year’s panel included some of my most esteemed colleagues in the industry and was once again a packed house with over 100 vendor representatives. The idea behind ...
Merritt Group Blog

How to Personalize Your Product Pitch for CISOs

Marketing, Media, rsa, vendors
A Q&A with John Masserini, CISO at Millicom Telecommunications. This Merritt Group blog is part of an ongoing Q&A series with CISOs on preferred marketing and sales techniques, leading up to the RSA Conference, taking place March 4-8 in San Francisco – where cyber professionals from all over the country ...
Free NIST CSF Maturity Tool

In my previous post, ‘My Three Wishes for 2019’, I had wished that we all find a way to give back to the industry, even a little bit. In an effort to fulfill that desire, I wanted to share a simple, but effective tool I’ve used, in various forms, for ...

My Three Wishes for 2019

Commentary, Diversity, quantum, STEM
It’s the end of the year and like all of you, my news feed has been filled with ‘Predictions for 2019’ to such a point that I basically ignore them. And while I admit that I did indeed write one of those a few years back, I’ve about had more ...
CISO Strategy

KLogix: Cyber Security Business Podcast

CISO, Media, Podcast, strategy
On this episode of Cyber Security Business, we sit down with John Masserini, CISO, Millicom, to discuss identity and access management in the current security environment. Excerpt: Kevin West: Welcome to Cyber Security Business with Kevin & Kevin. I’m Kevin West, the CEO of K logix and I’m here with ...
security research

Fahrenheit 451 – Security Research Edition

Commentary, Law, research
In 1998, the US passed The Digital Millennium Copyright Act (DMCA) in an effort to enact several of the requirements of the World Intellectual Property Organization (WIPO). DMCA makes it a crime to publicize technologies which are developed to bypass measures that control access to copyrighted works. DMCA also makes it ...

The Identity Catechism: Fifteen questions every CISO should ask about their Identity program

The evolution is underway. Our infrastructures are borderless, our critical data is cloud based, and our users work from anyplace on the globe – or 36,000 feet above it. Our legacy controls are as outdated as the conceptual hardened perimeter and our users are still human; and will still succumb ...