Being there, done that — I have personally made many mistakes during my career. Does that qualify me to give advice? I am not sure. Nevertheless, as a cautionary tale, I can list some mistakes that you potentially want to avoid if you can recognize them. Mistake 1: Going against the flow If you can identify themes and ride them, it…

If you meet more than two of these :) — You throw around the names of famous actual experts often For example, mention how you met Troy Hunt, Bruce Schneier, Brian Krebs, Dan Kaminsky, etc. Also claim that their long exchanges online with anonymous commenters are, for real, yours Bonus: Mention someone who is not as well known like Ross Mayfield to make your audience feel that you know more…

and so it is — Fixing vulnerabilities is far from straightforward. Of all those that you Receive news of, not all have a patch, and therefore need to be Queued. Others are Not Applicable to our environment, and can therefore be Closed. Of all those that are Assigned to owners to be fixed, not all…

Service Levels are the best way to align Security with the Business — (Originally written as part of the selection process for a well known research and consulting company; as a result, I was found undeserving….) WHY READ THIS ARTICLE Agreeing service levels for information security is currently an uncommon approach, as methods for measuring security requirements in an objective and repeatable manner remain elusive. …

at a glance —

Or not — If you read The CISO Den there are some articles that you may have missed while being relevant to you. This is a brief guide of the most useful ones Samples of how to do something Presenting Information Security to the Board Like a promedium.com Cybersecurity Software Development Principles OWASP does not list security features yetinfosecwriteups.com Principles of Evidence-Based Cybersecurity Management Evidence-based cybersecurity management is an alternative to tradition-based cybersecuritymedium.com

It contains what it says in the can — Probably the best way to improve the security of any organization is by training their employees. Unfortunately this is easier said than done, as users don’t have any interest in cybersecurity. They are right not to be, as most of the time it is not part of their job description. …

Google, Facebook, Microsoft and Apple — Most companies that offer products or services or internet have the following questions about their clients: How can I identify my clients? Are my clients who they say they are? How can I understand and record my clients behaviour? Can I trust my clients? Can I make money from understanding…

A common ailment among cybersecurity professionals — Cyber Auditor Phobia is an anxiety disorder also known as Auditorphobia (and the closely related Auditphobia), is defined by a persistent and excessive fear of auditor and/or audits. It is an ailment that afflicts some cybersecurity professionals who need to demonstrate compliance with standards or regulations. Auditorphobia typically result in…