All Articles

There are many approaches to conduct a strategic cybersecurity risks assessment.  This is one of my favorite ways, using a Threat Agent Risk Assessment (TARA) methodology. 

This paper was authored by Tim Casey, David Houlding, and I while we were at I

Ever wonder what kinds of things happen when good-intentioned people try to manage cybersecurity?  Well, in this case, a High School in Illinois responded to a system error by resetting every student’s password and then communicating it to all the pa

People often assume the goal of perfect cybersecurity is to be impervious to attack. That is not true! In fact, it is about an optimal balance between competing goals and limitations such as costs, user friction, and acceptable risks.

Please click th

One of my cybersecurity predictions for 2023 is the rise of cyber Private Military Companies (PMC) to specialize in cyberattacks.

One of the most famous PMCs currently in the news is the Russian Wagner group that is fighting for Russia on the ground

You can’t insure, what you don’t understand.

The cybersecurity insurance industry is in a tumultuous period, with skyrocketing deductibles, new limitations, hidden assumptions, and suffering from a slew of lawsuits from customers. The market is hot, w

Cybersecurity will face serious problems in 2023 as the economics between attackers and defenders will drastically shift in favor of those who conduct attacks.

Take a look at my 2022 predictions as a reference: https://medium.com/@matthew-rosenquist/t

Cybersecurity is one of the most important—and least talked-about—business issues today. But how can you prepare your organization against the threat of a devastating attack?

In my new LinkedIn Learning class, I discuss the five biggest mistakes made

Thanks to DynamicCISO for a great discussion about the changing landscape of cybersecurity and how we must all adapt to drive trust into the global digital ecosystem. The key to our success is to think ahead and show leadership in managing innovation

Technology can be mesmerizing. We are all lured by the seemingly endlessly tantalizing stream of emerging technologies that promise to connect and enrich our lives. But there is a potential dark side. For every great innovative benefit, there are acc

I recently presented to a small group on why cybersecurity is becoming more difficult over time, despite all the money and effort that is being applied. Sharing a replay of the presentation where I discuss cybersecurity history, root causes, shifting

With 11 million job openings in the U.S., the most ever, how desperate will organizations be to hire personnel? I am concerned that cybersecurity risks of insiders will increase if processes for proper vetting and background checks become lax for new

These are some common topics when we talk about CISOs role in an organization

As per my view CISO position is making a comeback, but if not placed right…… it can be just a position in any organization. I believe CISO should directly report to either t

Identity Access Management (IAM) is a set of business policies, framework and processes which ensures the right person has access to the right asset/resources. Identity Access Management solutions can deliver intangible benefits that are revenue incr

This is about developing information security master plan, the concept is the fact that when you develop a plan you begin by starting risk assessment, not a risk assessment from security stand point but from a business standpoint. You go through that

Background:
It has been suggested that any new development will include less than 1% original code. If this isn’t presently true, it will likely be as time progresses.

With any security program, the goal is to identify the vulnerabilities, the relate