RISK & CYBERSECURITY

It still surprises me that much of the tone of vulnerability management is about patch/bug fix vs. detecting broader configuration and ar...

Continuing with the theme of raising the baseline by reducing the cost of control we can see the next logical progression is that the fas...

We know it is important to have good inventories across all of the assets we care about in an enterprise. For security purposes this is, ...

Let’s assume general purpose quantum computers that can operate usefully at scale are coming. I think a reasonable timeframe is 15 years....

Chesterton's Fence is a cautionary tale to make sure that before you change things you actually understand their purpose. This is particu...

Everyone is deluged with approaches from product and service vendors, small and large. Even vendors struggle to keep track of who their c...

The Bank of England has recently released a sequence of consultation papers, after an earlier discussion paper, laying out a framework f...

It’s that time of year for all the predictions of what to expect for the next year, and now - the next decade. I’m generally not a fan of...

I was at an event recently where one participant talked passionately about a disaster they had that they have since preserved artifacts f...

I don’t see much written on vulnerability management in more holistic terms vs. patch/bug fixing. This might be ok given a lot of vulnera...

I've increasingly found, with respect to coding, security has come full circle. Those of us who started in the 80's/90's had to code (or ...

In the late 1980’s I was a developer using virtualized systems and containers, software defined networks, thin-client end points that cou...