Earlier this month, I spoke with Derek Slater:
In early 2008, Adam Shostack and Andrew Stewart released the book The New School of Information Security. And they launched a blog in support of the book and its message.
I wondered about how Shostack perceives the state of IT risk management now, and whether he thinks progress is being made. Here are the highlights of what he told me.