Denim Group has been acquired by Coalfire.

Yearly Archives: 2015

Post: 6 Ways The Sony Hack Changes Everything

Security in a post-Sony world means that a company’s very survival in the wake of a cyber attack is more of a concern than ever before. Sony Pictures experienced what many are calling the most devastating cyber attack to date, disrupting a movie release, knocking its corporate systems offline for weeks, threatening its distribution channels […]

Post: Mobile Application Assessments By The Numbers at AppSecEU

The slides from the OWASP AppSecEU presentation “Mobile Application Assessments By The Numbers: A Whole-Istic View” are online here: Application Security Assessments by the Numbers – A Whole-istic View – OWASP AppSec EU 2015 from Denim Group. The abstract for the talk was: By analyzing the data from over 60 mobile application security assessments, we […]

Post: Austin ISSA Slides: Structuring and Scaling an Application Security Program

The slides from my talk at Austin ISSA yesterday are online here: Structuring and Scaling an Application Security Program from Denim Group. The title of the talk was: Structuring and Scaling an Application Security Program. And the abstract was: Most organizations understand that the software they develop and deploy exposes them to risk from attackers. […]

Post: Security News No One Saw Coming In 2014

John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year. It has begun… No, not the over-the-top holiday shopping advertisements and 24/7 commercialization on the run-up to Christmas. I’m talking about the over-the-top 2015 IT predictions lists and 24/7 prognostications that bombard our screens on […]

Post: What I Learned from My NPR Interview

I had my first opportunity to be interviewed by National Public Radio, on short notice, to react to the White House announcements on cybersecurity policy. The issue was front and center most of the week, including a reference to cybersecurity in President Obama’s State of the Union speech (a first, I think). In retrospect, […]

Post: What Scares Me About Healthcare & Electric Power Security

Both industries share many of the same issues as enterprises. But they also have a risk profile that makes them singularly unprepared for sophisticated threats. In social settings when people find out I’m a security guy, they frequently ask me similar questions. The first, for example, is about my online paranoia: “Do you leave money […]