Featured threat model 7 June 2018 The second biggest trap in information risk management. A model CISOs can use to measure and report the level of assurance being delivered by their technical security products and controls as part of a robust cyber defense.
threat model 1 March 2016 All* threats are insider threats In the 1990s and early 2000s, the prevailing school of thought in information security was that there were two kinds of threats: insider and outsider.
red team 31 December 2015 A paean to the red team ...or "Erick rethinks his position on sports analogies" In "Defenders think in lists, attackers think in graphs, as long as this is
threat model 14 December 2014 On Pace... A couple years ago, I learned a lesson from my CIO that has stuck with me. Marching towards an aggressive deadline to deliver a client
threat model 7 December 2014 Growing beyond the speed of HD Moore's Law Joshua Corman is generally credited with coining "HD Moore's Law" to state: "Casual attacker power grows at the rate of Metasploit." I have
Featured sandman 24 December 2013 My Favorite CISOs aren't CISOs A recruiter recently asked me, "who are the best CISOs you know?" I'm convinced it was a trick question, and that I failed
legal defensibility 4 June 2012 Taking the bait In a recent blog post, Jeremiah Grossman asks, I also often wonder what it will take to influence a shift information security spending habits from