Don't forget the goal

I've experienced plans going wrong many times during the several years I've been Red Teaming. Sometimes because of poor planning, some others because the real world always has the last word, especially when Mr. Murphy is along for the ride - and he always is.

Read More
Advanced Capabilities
Both sides of the coin

Security is hard. Today this is even more so. In order to have a good security program you need to move past the defense-only mindset and begin to think differently. There are two sides to security, and both are needed in order to have a successful, resilient program.

Read More
Advanced Capabilities
Security is a Wider Problem

Over the years, a pattern has emerged. A pattern that worries me. A pattern that indicates that security "professionals" still don't get it. This pattern suggest a big majority of high level security professionals (I.E. CSOs, CISOs, CIOs,, CTOs, Sr VPs) still approach security is either a purely technical problem, or one that only serves a "mandatory checklist" or certification.

Read More
Advanced Capabilities