Introducing Cyber Portfolio Management
At RSA’17, I spoke on “Security Leadership Lessons from the Dark Side.” Leading a security program is hard. Fortunately, we can learn a great deal from Sith lords, including Darth Vader and how he managed security strategy for the Empire. Managing a distributed portfolio is hard when rebel scum and Jedi knights interfere with your…
Calls for an NTSB?
In September, Steve Bellovin and I asked “Why Don’t We Have an Incident Repository?” I’m continuing to do research on the topic, and I’m interested in putting together a list of such things. I’d like to ask you for two favors. First, if you remember such things, can you tell me about it? I recall…
Groundrules on Complaining About Security
In this article, I want to lead into some other articles I’m working on. In those, I’m going to complain about security. But I want those complaints to be thoughtful and within a proper context. You will hear many of us in security talk about threat models. Adam literally wrote the book on threat models…