Your security is backwards, Sir!

Did you know that on average a CISO, the executive in an organization who focuses on cybersecurity, has a shelf life of 18 - 26 months? This number has been estimated to be as low as 17 months by other groups. Why do you suppose that is? Easy, because no general can win a war on multiple fronts. I have no numbers to back these claims up, only anecdotal experience: Vulnerabilities are discovered and found on systems faster than Remediation Teams can fix them. ...

April 15, 2025 · 8 min

Align your spine: Minding the gaps in your cybersecurity program

A Great Interview: I recently watched a great interview by the VulnWise team talking to my personal mentor and friend, Johnny Shaieb. They were discussing the history of vulnerability management databases and covered a lot of interesting topics like: the history of vulnerability databases; the value of having an unbounded score; why clients need to focus on the quality over quantity of vulns; the history of the fiber backbone that runs the country; etc. There was one topic, though, that I felt I’d like to take a crack at. At the 33:42 minute mark of the video, Steve Carter asked the question: ...

April 3, 2025 · 9 min

The proper way to protect cloud data

If You’re Not Paying, You’re The Product. I hate the above phrase. My problem with it isn’t in its intent, because I agree with the sentiment. We as consumers need to look at the products we use and determine whether there might be some hidden costs to the convenience that companies provide us. So what’s my issue? EVEN IF YOU PAY FOR A SERVICE, YOU ARE STILL A PRODUCT. I’ve been thinking of a video that I saw about a year ago. It’s from consumer-friendly lobbyist and personal hero of mine, Louis Rossmann. ...

March 20, 2025 · 12 min

NIST CSF for Nerds

Introduction: The National Institute of Standards and Technology (NIST) is a government agency in the US that sets up various standards for emerging technologies. In my past job, we used the NIST Cybersecurity Framework (CSF) 2.0 to secure our clients, and I think it might be good to write down some of the principles in case it comes up in a job interview. This will be a part of a new series called “X for Nerds”, where I cover various topics that you might need to know before walking into a cybersecurity job. ...

January 21, 2025 · 5 min