Risk or Threat Oriented Security: Which Path Should We Choose?

Lately, I've been engaged in various discussions about what should drive our security efforts: risk or threats. It's an interesting debate, and today I want to explore it with you in a more engaging and enjoyable way. Let's start with the risk-based approach. Ideally, this is the way to go. It ...
Cybersecurity Is Not A Pair Of Sneakers

"Just do it" does not work for cybersecurity. I've seen many comparisons with very complex things we've managed to accomplish. Man on the Moon, robots on Mars, etc. "We've managed to do all those things, how come there are still breaches happening?". Why can't we take a "just do it" approach ...
Professional Certifications, Reboot!

After two months and a few hundred dollars later, my most recent personal project is completed. 10 years after my TOGAF9 certification, I decided to play the test taker again and obtain a new batch of professional certifications: AWS Certified Cloud Practitioner, AWS Certified Security Specialty and Microsoft Certified: Azure ...
The Bright Future of Cloud SIEM

TL;DR: People keep questioning SIEM value, but cloud SIEM makes SIEM so much better. SIEM is now capable of delivering a lot of security value with far less effort from security teams. The SIEM market is a US$5B market with a two-digit annual growth rate. Still, we keep seeing multiple questions ...
Some additional words on those SOC robots

The topic on SOC automation is really a fun one to think about, and even after putting my thoughts into words with my last post, I've still kept thinking about it. Some additional considerations came to my mind. The simplistic question of "Will machines replace humans in a SOC" can be ...
The Robots Are Coming!

The debate around SOC automation has been a fun one to follow. Allie Mellen wrote a short but on the spot piece about it, reaffirming what seems to be the commonsense opinion on this topic today: Automation is good, but to augment human capacity, not replace it. After that Anton brought up a very interesting follow up, confirming that view ...
An Analysis of Past Mistakes

As I was looking for an old email in my archives, I stumbled on discussions about a security incident that happened almost 13 years ago. That was that time when, well, there's no other way of saying it... I was hacked. The good thing about looking at incidents like that one after ...
Monitoring and Vulnerability Management

(Cross posted from the Securonix Blog) Vulnerability management is one of the most basic security hygiene practices organizations must have in place to avoid being hacked. However, even being a primary security control doesn't make it simple to successfully implement. I used to cover VM in my Gartner days, and it ...
DDLC - Detection Development Life Cycle

SIEM, threat detection
Dr. Chuvakin has recently delivered another great blog post about "detection as code". I was glad to read it because it was the typical discussion we used to have in our brainstorming conversations at Gartner. It had a nice nostalgic feeling :-). But it also reminded me of my favorite paper ...
NG SIEM?

SIEM
An interesting result from changing jobs is seeing how people interpret your decision and how they view the company you’re moving to. I was happy to hear good feedback from many people regarding Securonix, reinforcing my pick for the winning car in the SIEM race. But there was a question that ...

Secure Guardrails