SANS Institute Survey Surfaces State of Cybersecurity Defenses

A SANS Institute survey found most orgs felt they had the right policies, processes and controls defined, but only 67% had metrics to prove it ...
Security Boulevard
Cybersecurity Insurance is Missing the Risk

First published by HelpNetSecurity — Matthew Rosenquist

Cybersecurity insurance is a rapidly growing market, swelling from approximately $13B in 2022 to an estimated $84B in 2030 (26% CAGR), but insurers are struggling with quantifying the ...
Striking the Balance: Effective Cybersecurity Visualization for Informed Decision-Making

In the complex and ambiguous realm of cybersecurity, the power of visualization tools cannot be overstated. When employed judiciously, they serve as invaluable assets, offering crucial data in a readily comprehensible manner ...

What Security Metrics Should I Be Looking At?

Your security operations team deals with a lot of data. The problem is that security teams are constantly busy putting out fires and fixing the latest vulnerabilities. Where does the time come ...

The CISO’s White Whale: Measuring the Effectiveness of Security Awareness Training

Boats attacking whales | Source: New York Public Library Digital Collections

I have a hypothesis about end-user security awareness training. Despite heavy investment, most - if not all - CISOs wonder if ...

Tips, Advice, and Insights on Achieving Buy-in for Cybersecurity Projects

A CISO’s job can be one of the most stressful in cybersecurity. It can sometimes feel like an avalanche of responsibilities, all in the pursuit of keeping an organization safe. The problem more ...
My 2022 Predictions -- with Skin in the Game!

A new year always means one thing in any field with an ample number of armchair pundits: another round of annual predictions. The big problem with annual prediction lists is that they ...

My 2020 Predictions, Graded

This post is a little bit overdue, but I’ve been looking forward to writing it. In December 2019, I made 15 predictions for 2020. I was inspired by two sources. First, Scott ...

Better Security Metrics with Biff Tannen

Some people struggle with The Clairvoyant Test. They have a hard time grasping the rules: the clairvoyant can observe anything but cannot make judgments, read minds or extrapolate. It’s no wonder they ...