Optimism bias is the belief that each of us is more likely to experience good outcomes and less likely to experience bad outcomes. How prevalent is this in the cybersecurity industry? If you’re a salty security professional like me, you already know the answer.
The best way to maintain a defensible security posture is to have an information security program that is current, robust, and measurable. An effective information security program will provide far more protection for the operational state of your organization than cyber security insurance alone. To put it another way, insurance is a reactive measure whereas an effective security program is a proactive measure.
Join Andrew Hay on Wednesday, July 25th, 2018 at 10:30 AM EDT (14:30:00 UTC) for an exciting free SANS Institute Webinar entitled “I” Before “R” Except After IOC. Using actual investigations and research, this session will help attendees better understand the true value of an individual IOC, how to quantify and utilize your collected indicators, and what constitutes an actual incident.
I had the pleasure of being interviewed by Eleanor Dallaway, Editor and Publisher – Infosecurity Magazine, on RSA Conference Television (RSAC TV) last week at the annual RSA Security Conference. In the interview, we spoke of what I had observed on the show floor, the state of the security industry, and I describe my perfect customer in […]
Whether we like it or not, the way we architect, utilize, and secure the networks and systems under our control has changed. When servers were safely tucked away behind corporate firewalls and perimeter-deployed intrusion prevention controls, organizations became complacent and dependent on their host security. Unfortunately, inadequately architected security controls that rely solely on broad […]
I’ve had a lot of positive feedback from my first post which explained how to create the Trello board to track your Call For Paper (CFP) due dates, submissions, and results. In this post, I’ll explain how to create the cards and populate them with the required data to better manage your CFP pipeline. To start your first […]
Detect and Prevent Data Exfiltration Webinar with Infoblox
Please join SANS Institute Instructor and LEO Cyber Security Co-Founder & CTO Andrew Hay and Infoblox Security Product Marketing’s Sam Kumarsamy on Thursday, August 17th, 2017 at 1:00 PM EDT (17:00:00 UTC) as they present a SANS Institute webinar entitled Detect & Prevent Data Exfiltration: A Unique Approach. Overview Data is the new currency in the modern digital …
Unless you’ve been away from the Internet earlier this week, you’ve no doubt heard by now about the global ransomware outbreak that started in Ukraine and subsequently spread West across Western Europe, North America, and Australia yesterday.
Diving into the Issues: Observations from SOURCE and AtlSecCon
Last week I had the pleasure of presenting three times, at two conferences, in two different countries: SOURCE in Boston, MA and at the Atlantic Security Conference (AtlSecCon) in Halifax, NS, Canada. The first event of my week was SOURCE Boston. This year marked the tenth anniversary of SOURCE Conference and it continues to pride …