Journey of learning in InfoSec
I was a GRC (Governance, Risk, and Compliance) person first and now I am a CISO (Chief Information Security Officer). It was 20 years ago, thereabouts, and I knew I wanted a change. I’d abandoned my goal of a career that I’d attended college for, technical theatre, and was working retail for a large, national …
Continue reading “Make Policy Your Friend and Learn to Love Governance and Compliance”
Quick acknowledgment here; this is written from the perspective that security is at the center and core of all business. That is simply a conceit to allow for the perspective. The core element of any business is to make money and increase profits and profitability over time, I get that. Many businesses struggle with figuring …
Continue reading “Security is the Force of the Business Galaxy”
Security Awareness Training is big topic and it consists mostly of people saying that you need to run phishing campaigns. People are your weakest link, but that’s their nature. It’s more than knowing social engineering, identifying phishing scams in all its forms. You need to train your HR people on listings and job postings. Train …
A lot of people think of InfoSec and immediately think of “hackers.” Writing and running code, discovering vulnerabilities and writing exploits, discovering bugs by reviewing code and looking for failings, and all other activities that look cool when presented on TV and film, where energy drinks cover the desk, and the only light on the …