Top Fractional CISO Blogs of 2022

Published on 28th December 2022 Author: Rob Black

“We share information deliberately. While we keep client specific information confidential, we broadly and openly share learnings from client work. We share internal information openly when it does not impinge on the privacy of employees. We make sure that people have the information they need to perform their job.“
– Fractional CISO Fundamental 19: Share Deliberately

The free sharing of knowledge and information is baked into the fundamental beliefs and behaviors of Fractional CISO. We also believe that the world is a safer place when organizations are able to protect their data, their employees’ data, and their customers’ data.

It is these core beliefs that drive the weekly publication of articles to our blog online, each containing actionable cybersecurity advice for business leaders. We always hope that readers are able to take away knowledge, and implement the ideas at their businesses.

With 2022 coming to a close and 50 new articles in the record, we are once again going to revisit the top articles we published this year.

5. Most popular video tie-in: Modernize your Cybersecurity Measurements!

Despite our big focus on written blog articles, they are not the only type of content we create! We also create short sketch videos designed to entertain and educate the viewer about a problem or topic in cybersecurity.

This year, our most popular video posted to my LinkedIn page was called “If Cybersecurity People Worked in Finance.” Give it a watch – there’s a high chance you’ll enjoy it!

Compared to finance, cybersecurity is an industry that’s still in its infancy, and therefore has a lot of non-standard measurements. The most effective cybersecurity programs will quantify the metrics that matter most, start measuring them, and speak in the language of business (dollars and probabilities)!

4. Most Headache-Inducing: The Apple MDM market leaves a lot to be desired.

On April 21 of this year, Apple announced they were shutting down Fleetsmith – its in-house Mobile Device Management (MDM) solution for macs.

We’re a mac company here at Fractional CISO, and Fleetsmith was our MDM of choice. This announcement left us embarking on a months-long odyssey of vendor evaluations and comparisons to find a different MDM solution. We came to the unfortunate conclusion that there is no good Apple MDM provider. There are a bunch of third-string options.

You can read our thoughts on each of the vendors we evaluated in the main article. In the meantime, we are eagerly watching this space for a leading solution to emerge.

3. Hardest-hitting on LinkedIn: How to read a SOC 2 report.

I post every new blog that goes up to my personal LinkedIn page. It’s the primary way we distribute these articles (if you’re reading from LinkedIn now, hello!).

In most circles, the word “compliance” is enough to put people to sleep. On cybersecurity LinkedIn, it is a hot and exciting topic.

This guide on how to read a SOC 2 report turned out to be the most popular article we published to the platform all year, with the most views, likes, and comments.

To be fair, the content is really important! If you’re going to be doing vendor management, it’s super important to understand what to look for in the SOC 2 report so you can determine if the vendor’s cybersecurity is actually any good or not.

2. Biggest share: Browser password managers – flawed security, by design!

After vCISO Principal RJ Russell published this article about the poor design of built-in browser password managers, we saw a huge spike in traffic on our site. Way more than we normally see for a new article.

What happened? Somebody posted it to Y Combinator’s Hacker News.

The reception to his ideas by this tech-savvy forum were not all positive, but we stand by his assertion that it is better to use a purpose-built password manager, instead of using the built-in browser password managers. After all, password managers have the decency to encrypt your saved passwords by default! Safari is the only browser that manages to do as much.

Check out his article for the full reason why – plus a video recreation of the exploit that makes us feel this way.

1. Most popular all year: How to get a SOC 2 Certification

Yes, we know that a SOC 2 isn’t actually a certification – it’s an attestation!

But a lot of people say “SOC 2 certification,” and sometimes it’s better to meet people where they are, instead of correcting them.

And meeting people where they are seems to have worked out, since this has been our most popular article since we published it in April of this year.

I wrote it to help people understand everything that it takes to become SOC 2 compliant. A lot of other content that’s on the web is vague or too surface-level, not providing the full insight a business leader is looking for when trying to learn what the process will be like.

Tales from the Click

Thanks for reading Fractional CISO’s blog this year. While this blog obviously serves a business purpose for us, we work very hard to make sure that we’re writing great, actionable content that anybody can use to improve their organization’s cybersecurity posture.

If you’d like this type of content delivered to your inbox, please consider subscribing to our newsletter. Otherwise, come back every Thursday for new, actionable cybersecurity advice.

Rob Black, CISSP

Rob founded Fractional CISO in 2017 and has helped dozens of companies improve their security posture as a vCISO. He consults, speaks, and writes on IoT and security. Rob has held product security and corporate security leadership positions at PTC ThingWorx, Axeda and RSA Security. He received his MBA from the Kellogg School of Management and holds two Bachelor of Science degrees from Washington University in St. Louis in Computer Science and System Science and Engineering. He is also a Certified Information Systems Security Professional (CISSP).