I am seeing many security vendors developing products to unify solutions into a single management interface. I fear this is just a sales tactic to gain greater market share and not intended to help the plight of CISO’s

A recent…

A free-flowing discussion about the past and future evolution of cybersecurity leadership.  I had a great time sharing my personal experiences, industry insights, and a few rants in this podcast interview with Marco Ciappelli and Sean Martin of ITSPmagazine.

We cover a lot of ground: The history before cybersecurity, how to deal with difficult…

The first warning sign was “hackproof” in the 360Lock marketing materials. As it turns out, with no surprise to any security professional, the NFC and Bluetooth enabled padlock proved to be anything…

Intel has released patches for several security vulnerabilities in their Active Management Technology (AMT) and Intel Standard Manageability (ISM) platforms.  One of them was a critical flaw in AMT that allowed remote privilege escalation  CVE-2020-8758

It is nice to see…

Digitally altered and synthetic media are becoming more of a problem.  Openly available tools, including AI Deep Learning, enable the easy modification of pictures and videos for distribution on the Internet.  Most are benign; clearing up acne, improving image lighting, creating a funny meme, or perhaps narrowing a waistline for aesthetic reasons. …

Had a great time during the TUV SUD Safety First podcast interview talking about cybersecurity challenges for small and medium businesses.  We discussed threats, perceptions, and best practices.  The conversation turned to the challenges of major corporations, cross-border companies, and how new technology is changing the risk landscape for everyone. …

I was recently asked an interesting question: What are are the Top 5 CISO frustrations with the cybersecurity industry?

After a few minutes of deep thought and half a cup of coffee later (my 4th big cup of the day), this is what I came up with:

Top 5 CISO Frustrations of the Industry:

1. Maintaining an…

Counting down to the absolutely worst cybersecurity strategies. Sadly, these are all prevalent in the industry. Many organizations have failed spectacularly simply because they chose to follow a long-term path that leads to disaster. You know who you are…

Let’s count them down.  

10. Cyber-Insurance

No…

I am excited to be recognized with such great cybersecurity though-leaders! 

Now more than ever, cybersecurity is becoming a critical pillar to the proliferation of digital technology.  Trust in the devices and systems is crucial that people, companies, and governments embrace and rely upon.  Every day, the innovation, investment, and adoption…

There has been a good deal of publicized chatter about impending cyberattacks at an unprecedented scale and how…

An Artificial Intelligence (AI) system is only as good as its training. For AI Machine Learning (ML) and Deep Learning (DL) frameworks, the training data sets are a crucial element that defines how the system will operate. Feed it skewed or biased information and it will create a flawed inference engine. …

Bugcrowd has released some interesting survey data that provides insights into the white-hat vulnerability researcher community.

Of note, most researchers were male (94%) and make less than $25k per year finding vulnerabilities. A vast majority were motivated by contributing to the well-being of others (93%), while only 19% focused on financial…

Turkey may be the first customer for the Kargu series of weaponized suicide drones specifically developed for military use.  These semi-autonomous devices have been in development since 2017 and will eventually be upgraded to operate collectively as an autonomous swarm to conduct mass synchronized attacks. …

Intel comes late to the game but will be delivering an embedded defense for Return Oriented Programming (ROP) types of cyber hacks. I first blogged about this back in Sept…

Leadership requires dealing with ambiguous situations.  The ability to adapt to unforeseen crisis events is a crucial skill for cybersecurity and strategy professionals.  Nobody saw Covid-19 coming a year ago, yet as it has swept across the globe it has impacted the world economy, disrupted longstanding business operations, and affected the everyday…

Watch panelists Chris Roberts, G. Mark Hardy, and Matthew Rosenquist at VShield 2020

I had the honor to be on a distinguished panel with the incredibly knowledgeable G. Mark Hardy and the infamous white-hat hacker Chris Roberts.  We discussed the evolution of cyber resilience, agility, and innovation in these troubling times. …

It is always nice to see projects that are open and free to use, to advance technology in secure, private, and safe ways.  Curiosity Labs provides startups and established companies a no-cost real-world testing infrastructure to innovate smart city and transportation technologies. 

When autonomous…

How will AI change the strategies of cybersecurity?  Where will we see the first big impacts of attackers using AI? 

Watch the Cyber Risk Leaders podcast... 

Shamane Tan and Carmen Marsh were wonderful hosts. I had a fantastic time talking about AI and cybersecurity in the Cyber Risk Leaders…

A new study by Cambridge Cybercrime Centre titled Cybercrime is (often) boring: maintaining the infrastructure of cybercrime economies concludes that cybercrime is boring and recommends authorities change their strategy to highlight the tedium in order to dissuade the growth of…

Being a champion for digital privacy is no easy task.  The perception of privacy and its importance is constantly in flux and radically different around the globe.  I am honored to be a part of this dynamic and determined community that protects and advocates for an optimal balance of privacy, security, and safety.

Much thanks to…