How can we secure an IT resource if we don’t know that it exists or if we don’t have visibility into its state? To quote respected industry practitioner Adrian Sanabria, “Most security and IT problems begin with visibility.” Security practitioners crave visibility into the state of laptops, devices, virtual machines, applications, and users in their … [Read more...] about What, why, and how of cybersecurity asset management
There are many ways to attain and maintain information security expertise. The path that one person followed isn’t necessarily appropriate for another. What role do professional certifications play in the process, and what other considerations should you keep in mind when expanding your skills? Here’s what has worked for me. As a practitioner who aims to keep up with … [Read more...] about Life as a CISO: Earning information security certifications
Let’s talk about why Chief Information Security Officers often struggle to justify cybersecurity purchases and which practical frameworks can help with such efforts. Like other enterprise executives, CISOs must defend their budget requests. Year after year the company hears that the CISO demands money for more projects, more products, more staff. We used to justify these … [Read more...] about Life as a CISO: How do CISOs make sense of all the cybersecurity tools?