Tuesday, September 25, 2012

Stuff I Say - KISS - Keep It Simple Security

   This is the first of a series of posts covering themes I talk about all the time.  The theme today is keeping things simple.

   Last week I spoke at the Interface conference in St. Paul.  It was a fun talk entitled #*%! My CISO Says, covering a range of security governance and management topics.  Slides are on my slideshare page.  In that talk I frequently referenced keeping our security program simple.

Tuesday, September 18, 2012

Just Say No to "Just Say No"!

   Last week I spoke at The Security Standard conference put on by CSO Magazine.  While not the main point of my talk, one key theme that I addressed is that in Security and IT we cannot use "Just Say No" as an operating strategy.

   Five, ten or more years ago, security and IT divisions were often considered to be roadblocks.  In many organizations, security and IT existed for self-fulfilling reasons... to support the technology they chose.  IT and security would dictate to the business.  But that's not the right way...

Tuesday, September 11, 2012

Mobility not just Mobile

   Yesterday I gave a talk at CSO Magazine's The Security Standard conference in NY.  There was a great group of attendees and the conference has been excellent.  My talk was on Embracing the IT Consumerization Imperative.  You can view the slides on the conference site or my slideshare site.

   One of the important points I made, and a frequent theme for me, is the need for alignment between business and security and IT.  It's too easy for those of us in the technology space to get caught up with the devices, toys and tech solutions.  We too often get disconnected from the business need.  Security and IT groups exist to service the business.  Business drives security; business drives IT... not the other way around.

Tuesday, September 4, 2012

Ineffective Security


   This is my 2nd favorite picture to use in a presentation. (I'll talk about my favorite picture in a future post!) It shows a classic security failure... the use of an ineffective security control.