Spring is (almost) here, which means it’s time for some in-house security cleaning. With the holiday shopping season — one of the most treacherous times of year for security — in the rearview, organizations should take a step back to assess what is working, drop what isn’t and invest in…

Does your organization have a formal security awareness and training program? I’m constantly surprised at how often the answer is an awkward and uncomfortable “no.” Implicit in the awkwardness is the recognition that such a program is a critical piece of a strong security strategy. Without awareness and training, it’s…

The practice of analyzing security data for detection and response — otherwise known as security analytics (SA) — comes in many forms and flavors. Consumed data varies from organization to organization, analytic processes span a plethora of algorithms and outputs can serve many use cases within a security team. In…

The pressure is on for corporate leadership to get a better handle on cybersecurity. But unlike other board governance processes that are a lot more mature (e.g., financial risks, market pressures), when it comes to cyber risks, boards need help — help that the chief information security officer (CISO) is…