threat model - Erick Rudiak. CISO. Human.

The second biggest trap in information risk management.

threat model, pyramid, LOA, level of assurance, trim tab, Maslow

A model CISOs can use to measure and report the level of assurance being delivered by their technical security products and controls as part of a robust cyber defense.

All* threats are insider threats

threat model, kill chain, insider threat, lockheed martin

In the 1990s and early 2000s, the prevailing school of thought in information security was that there were two kinds of threats: insider and outsider. The

A paean to the red team

red team, sports analogies, telestrator, kill chain, graphs, penetration test, threat model

...or "Erick rethinks his position on sports analogies" In "Defenders think in lists, attackers think in graphs, as long as this is true,

On Pace...

threat model, manifesto, c-suite, CIO, pace, UX

A couple years ago, I learned a lesson from my CIO that has stuck with me. Marching towards an aggressive deadline to deliver a client capability,

Growing beyond the speed of HD Moore's Law

threat model, password, HD Moore, metasploit, DDoS, denial-of-service

Joshua Corman is generally credited with coining "HD Moore's Law" to state: Casual attacker power grows at the rate of Metasploit ![](/img/threatmodel_full_