[threat model]
The second biggest trap in information risk management
A model CISOs can use to measure and report the level of assurance being delivered by their technical security products and controls as part of a robust cyber defense.
Erick Rudiak · 7 Jun 2018 · 12 min read

[threat model]
All* threats are insider threats
In the 1990s and early 2000s, the prevailing school of thought in information security was that there were two kinds of threats: insider and outsider. The insider was the "trusted
Erick Rudiak · 1 Mar 2016 · 6 min read

[red team]
A paean to the red team ...or "Erick rethinks his position on sports analogies"
In "Defenders think in lists, attackers think in graphs, as long as this is true, attackers win", Microsoft's John Lambert summed up,
Erick Rudiak · 31 Dec 2015 · 9 min read

[threat model]
On Pace...
A couple years ago, I learned a lesson from my CIO that has stuck with me. Marching towards an aggressive deadline to deliver a client capability, the CIO gathered his
Erick Rudiak · 14 Dec 2014 · 3 min read

[threat model]
Growing beyond the speed of HD Moore's Law
Joshua Corman is generally credited with coining "HD Moore's Law" to state: "Casual attacker power grows at the rate of Metasploit." I have recently come to believe that the widening
Erick Rudiak · 7 Dec 2014 · 2 min read

[sandman]
My Favorite CISOs aren't CISOs
A recruiter recently asked me, "who are the best CISOs you know?" I'm convinced it was a trick question, and that I failed the test, but the interesting thing about
Erick Rudiak · 24 Dec 2013 · 5 min read

[legal defensibility]
Taking the bait
In a recent blog post, Jeremiah Grossman asks, "I also often wonder what it will take to influence a shift in information security spending habits from one of tradition to efficacy."
Erick Rudiak · 4 Jun 2012 · 5 min read