The holiday season begins with the preparations for Thanksgiving dinner and I typically begin cooking for Thanksgiving dinner the Monday prior. I love cooking. I love the science of cooking. I love the art of cooking. I love the traditions…
Government transition: Planning ahead for career risk
As a FED covered by the Hatch Act’s most onerous elements, I have eschewed all political discourse and basically kept my mouth shut. That isn’t going to change now. I have no view, public or private, to share on the…
CISO metrics: Right sizing and right costing an information security program
In the continuing attempt to prove to the wider world I’m a desirable hire as a CISO for a Fortune 100 company, I offer the following and hope, even if you don’t hire me, that you get something of use…
Motorcycling Commuting: Today the van suspension missile
Over the years I have had to go around, over, or through some interesting items as I get from point A to point B on my motorcycles. I’ve dealt with ladders, opossums, tires, hail, parts and complete carcasses of animals,…
CISO Hunting Tags: What threat hunting should mean to you
If you don’t have a successful information security program, don’t waste your dollars or time on threat hunting until you can secure what you own first. There has been much ink spilled on threat hunting in the network. Even the…
New CISO? Get your first 90 days action items here
So you’re a new CISO and you just arrived at the organization. What should your personal interaction project plan look like? I tell CISOs that they should plan on a few days to simply spin up their technology, get their…
You’re not in our industry WTF do you know about infosec?
This is more from my noisy search for my next windmill to tilt at in what will be the great success of helping an organization become more resilient, capable, and respected for the information security posture they exhibit. I like…
Attribution of cyber adversaries
Key Points: Attribution has three distinct layers: political, technical, and forensic, with each having different confidence levels and analysis strategies. Adversaries must interact with systems to exploit them, and this creates evidence or anomalies that can be used for attribution…
Hiring military leaders off the street
Lots of snark talk from the military types out there. I understand it, but don’t have to agree with it. Over the weekend Military Times put out an article that above the fold states: Defense Secretary Ash Carter wants to…
Authoritarianism or similar rather than leadership
Leadership is not about the tell; it is about the do. Too many people look at a leadership task as telling other people what to do. They take an authoritarian perspective on the principle of getting things done. I see…
Leadership: Putting strategy back into human interaction
We spend a lot of time talking about leadership where we think of it as getting people to do something through some form of incentive or disincentive. Simply churning and burning our way to action through carrots and sticks though…
Motorcycle Monday
Am I looking for a job?
I’m a senior executive, a subject matter expert, and an influential strategic leader in cyber security. Why would I always be looking for a job, why would I always be keeping my ear to the ground, and why would I…