Just Okay Is Not Okay
16th January 2020
These days, I don’t watch much live TV. The exception is sports. And with football playoffs in full swing, I’ve seen a fair number of commercials along the way. One that has stood out involves a surgeon: “How’s doctor so-and-so?”, asks the patient. “Oh, he’s okay,” says the nurse. The ad goes on to say…
Don’t Click That Link!
19th December 2019
Anyone who says there is no difference between boys and girls has never coached youth basketball. I coach at our local YMCA — 3rd/4th graders with my son; 1st/2nd graders with my daughter. And let me tell you, I’m not even sure these two populations are of the same species. Here’s a prime example… When…
Can You Hear Me Now?
21st November 2019
Here is a sentence you have probably never heard: “Alexa, send our company banking credentials to a cyber-criminal.” Nobody, of course, would deliberately invite their smart speaker to share confidential information with bad actors. And the software itself (Alexa, Google Home, etc.) is not designed to do bad things. But, that doesn’t mean bad things…
Sales troubles? Call the cybersecurity specialist!
29th October 2019
It is so non-intuitive. Yet, each time I try to explain it, I get puzzled looks. This is usually how it goes…. “I help business leaders create a cybersecurity program and story to unblock sales.” “Huh?” But it is true. More often than not our clients make the decision to hire us because they are…
25 months in: What I’ve learned starting a cybersecurity company
31st July 2019
This is the second part in a series. If you haven’t read the 18 month one, you should. It’s here: https://fractionalciso.com/18-months-in-what-ive-learned-starting-a-cybersecurity-company/ After re-reading my 18-month blog post I couldn’t believe how much has changed with our business and with me in just six months. Okay, seven months but I started writing this post at the…
IoT Platforms: The Top Six
30th May 2019
I recently finished a small consulting engagement where the client asked me whether they should build an IoT platform. I’ll give you the same advice I gave them, but for free. “Don’t do it.” Let’s talk about the underlying challenges with today’s IoT platforms. It’s a very weird market. Think of it this way:…
Pen Test. Do I need one?
13th March 2019
“Yes, but…” That is the right answer 95% of the time. Almost every organization needs a penetration test or pen test. Organizations with mature security programs don’t need to ask the question. They already know the answer based on their program and plan. Organizations that are asking that question are operating from the right mindset….
Cybersecurity Breach Bankruptcy: It Does Happen
23rd January 2019
“Companies don’t go out of business due to a cybersecurity breach,” say several well-versed cybersecurity experts. When I give them counter-examples to disprove their point, they list it as an aberration. Here’s a less catchy but more accurate statement: “Large companies usually don’t go out of business due to a large cybersecurity breach. They can…
18 months in: What I’ve learned starting a cybersecurity company
28th November 2018
After twentyish years working for someone else, I quit my corporate job and started a cybersecurity consulting company. While it seemed risky at the time, now I can’t imagine doing anything else. When I first quit, I got questions like, “You have clients lined up, right?” and “What are you really doing?” The answers, “no”…
Typeform Data Breach: 100,000 Records and Counting
12th July 2018
The list of customers affected by the Typeform data breach has grown in the past week. So has the number of personal records exposed. This article aims to collect all of this data in one location. What is Typeform? Typeform conducts customer surveys and quizzes for other companies using their service. The web-based platform allows…