Erick Rudiak. CISO. Human.

The second biggest trap in information risk management.

threat model, pyramid, LOA, level of assurance, trim tab, Maslow

A model CISOs can use to measure and report the level of assurance being delivered by their technical security products and controls as part of a robust cyber defense.

I was wrong (or: five things I learned from Hubbard in 2016)

HTMA, Jaquith, Kaplan, Hubbard

Unlike earthquakes and lightning strikes, for which unimpeachable data exists, information security trends suffer from underreporting, environmental factors and subjectivity that call into question any sort

All* threats are insider threats

threat model, kill chain, insider threat, lockheed martin

In the 1990s and early 2000s, the prevailing school of thought in information security was that there were two kinds of threats: insider and outsider. The

A paean to the red team

red team, sports analogies, telestrator, kill chain, graphs, penetration test, threat model

...or "Erick rethinks his position on sports analogies" In "Defenders think in lists, attackers think in graphs, as long as this is true,

Six presentation mistakes I have made (and learned from making)

Tufte, data-to-ink ratio, presentation, powerpoint

One of the great joys of being a leader in a large company is watching protégés achieve their career objectives, sometimes eclipsing the mentor in the