Blog

21st July 2022

Don’t Flip-Flop on Defense-in-Depth!

We just returned from our annual vacation on Cape Cod. It’s always been an ideal place to relax and recharge. This year was no exception, thanks in no small part to seven days of picture-perfect weather. But it wasn’t entirely stress free. That’s because on the very first day, my right flip-flop broke. I know, I know,…

7th July 2022

Applying Mazda’s “Gram Strategy” to Cybersecurity and Risk Management

Imagine being sixteen years old, gassing up your mothers old Chevy Cavalier and seeing a sleek smurf-blue roadster zip past the gas station. Time stops. You immediately fall in love with it. Time starts again, and you disappointedly climb into your mom’s clunker and sullenly drive yourself home. You spend the next twenty years thinking…

30th June 2022

Guide to the SOC 2 Security Trust Services Criteria

Even a choose-your-own-adventure book has a certain structure to it. Sure, you might be making your own way through the book, but there are still plot points, challenges, and decisions the author will include along every path. SOC 2, being the choose-your-own-adventure cybersecurity compliance standard, is similar in this regard. An organization pursuing a SOC…

23rd June 2022

The Purses and Flagpoles of Security Policies

I never knew what a danger soccer moms’ purses were. That is, until I attended my very first professional soccer game at Gillette Stadium. A friend of ours invited a few families to join them to watch the game. Until a few hours before arrival I could not have confidently named the home team. It’s…

16th June 2022

Do you need to babysit your vendors?

Good news: Date nights are back on! That’s correct … Mrs. Black and I headed out to an event a couple of weeks ago, doing our best to pick up where the pandemic found us back in early 2020. Of course, our babysitter bullpen has been depleted over the past two-plus years. Some are now…

9th June 2022

How to manage open source code in your product.

Do you really know what’s in open source code? Do you want to? Because face the facts: your organization is making use of open source code right now – and you probably have no idea what’s in it, how recently it has been updated, or even if you’re allowed to use the code in your…

2nd June 2022

Software engineering isn’t for everyone – how I started a career in cyber.

You wanted to be a developer. You spent four years and thousands of dollars in school and managed to get your foot into industry. You spent a few years working a couple different gigs only to realize – this job just isn’t for you. Do you find working in a dark room with no windows…

26th May 2022

Guide to SOC 2 compliance documentation

Nobody really wants to do their homework. Which is unfortunate, because homework plays an important role in helping to absorb, retain, and learn to use the information someone is studying. In the security and compliance world, writing documentation is the homework. It helps employees standardize the right policies and procedures to successfully reduce risk and…

19th May 2022

Don’t press that panic button!

You may assume that I am a fully functioning human. I assure you, you are mistaken. There are certain things – things that most people are quite capable of – that I am dazzlingly terrible at. I cannot sing. Literally. Once, when I joined in on “happy birthday” at my then four-year-old daughter’s party, two…

12th May 2022

Your cyber insurance probably isn’t good enough.

Cyber insurance, like all insurance, is all about the fine print. In 2017, G&G Oil Company purchased a commercial insurance policy that, while not a full-fledged cyber insurance policy, did include coverage for losses “resulting directly from the use of a computer.” They were hit with a ransomware attack later that year and had to…

« Previous 1 2 3 4 … 18 Next