Security Programs

Post: RSA 2017 – A T-Shirt Response

“Have fun at RSA!” These are the words I hear from friends and family and colleagues at work that don’t have the opportunity to make the pilgrimage to San Francisco for the largest gathering of security folks of the year, the RSA Conference.  Regardless of whether you are a vendor, buyer, or general attendee, you […]

Post: A Trumped-Up Approach to the Borderless War on “the Cyber”

Now that the inauguration and many of the Senate confirmation hearings are behind us, I’m starting to gather my thoughts as a security guy around cybersecurity policy in the new administration and where President Trump might take us all. Let me state up front that I’m not an apologist for the President, nor do I […]

Post: Tis the Season for Security Predictions

Each year across the country, right after Thanksgiving, a curious thing occurs at many technology vendors. Marketing professionals reach out to their company thought leaders to let them know that it’s time to produce a prediction report. Shortly thereafter, collective eyes are rolling and groans accompany candid statements, such as “I have nothing new or […]

Post: Effective Application Security Testing in DevOps Pipelines

Introduction Businesses and development teams are rushing to embrace DevOps so they can be more agile, deploy code more quickly, and provide more value to their customers. Hallmarks of DevOps initiatives are support for significant automation, flexible provisioning, and cultural support for shared responsibilities. This often makes security teams uncomfortable, and they find themselves on […]

Post: Bringing Sanity to BlackHat Week – A Survival Guide for First-Timers

Ahhhhh. BlackHat Eve. That week before Black Hat where overworked security folks all over the world attempt to clear out their email inboxes prior to jetting out to Las Vegas for a week in enclosed conference centers with thousands of other like-minded security nerds. But when we talk about Black Hat as a singular event […]

Post: 2016 Post Gartner Recap

                     Now that the dust has settled on the annual 2016 Gartner Security and Privacy Symposium, we can look back through a clean lens and identify themes that bubbled to the surface of the different sessions. Although a critical mass of security leaders were in attendance, […]