I was looking for a way to become more of a member of the community. It’s something that most of us search for, that feeling of belonging. A blog is something I’ve toyed with in the past, mostly to document lessons learned when I tried to hang my shingle; that didn’t go so well and …
What is Meant by “Integrity” in the CIA Triad?
This is the third part of a four-part blog series covering the CIA Triad. The first part discussed the CIA triad as a whole (Part I). Part II covered Confidentiality. Part IV will cover Availability. Integrity. Many people hear or see that word and their first thought is of an individual's trustworthiness. Do they have …
Understanding “Confidentiality” Within the CIA Triad
This is the second part of a four-part blog series covering the CIA Triad. The first part discussed the CIA triad as a whole (Part I). Part II will cover Confidentiality with parts III and IV covering Integrity and Availability. Three can keep a secret, if two of them are dead. Benjamin Franklin, Poor Richards …
Introduction to the CIA Triad for Security Professionals
This is part 1 of a four-part series. We'll introduce the CIA concept overall here in the first of the series, then cover each component in more depth in subsequent posts. One of the most critical concepts for security professionals is the CIA (confidentiality, integrity, availability) triad. It is at the core of everything we do, …
Make Policy Your Friend and Learn to Love Governance and Compliance
I was a GRC (Governance, Risk, and Compliance) person first and now I am a CISO (Chief Information Security Officer). It was 20 years ago, thereabouts, and I knew I wanted a change. I'd abandoned my goal of a career that I'd attended college for, technical theatre, and was working retail for a large, national …
Rebranding “InfoSec” as “Business Security”
"No one really gets what it is we do." I read and hear that phrase, or something similar, a lot when consuming InfoSec (information security) content. There are references and allusions to it on Social Media, write-ups in industry periodicals, and references to it on podcasts. The arguments tend to be the same. "It's not …
Security is the Force of the Business Galaxy
Quick acknowledgment here; this is written from the perspective that security is at the center and core of all business. That is simply a conceit to allow for the perspective. The core element of any business is to make money and increase profits and profitability over time, I get that. Many businesses struggle with figuring …
Phishing is not an Awareness Program
Security Awareness Training is a big topic, and it consists mostly of people saying that you need to run phishing campaigns. People are your weakest link, but that’s their nature. It’s more than knowing social engineering and identifying phishing scams in all their forms. You need to train your HR people on listings and job postings. Train …
Importance of the Boring Stuff: Policies
A lot of people think of InfoSec and immediately think of “hackers.” Writing and running code, discovering vulnerabilities and writing exploits, discovering bugs by reviewing code and looking for failings, and all other activities that look cool when presented on TV and film, where energy drinks cover the desk, and the only light on the …
Just get involved
So you’re starting out in InfoSec and don’t know where to start. I don’t mean the trainings, or the fields of study, the webinars, or the cons. We aren’t talking about doing your research to publish, or diving in on bug bounty research, or how to conquer your first CTF (capture the flag). Nor are …
Imposter Syndrome from a Real Imposter
That title is tongue-in-cheek. It is possibly the one universal truth that I've learned in my time working and communicating with members of InfoSec; everyone has bouts of imposter syndrome. The number of people that I revere and have the fortune to talk with, all admit to having their moments. And not just their moments …