# Reflections on the President's Executive Order on Cyber Security

I recently finished up my read of the President's recent Executive Order on cyber security and wanted to summarize some of my main takeaways. The TL;DR, though: it's currently aimed at the short term and is very narrowly scoped, which, for an issue as expansive and complex as cyber security, is going to require a lot more than this EO calls for. A few of the positives: There is a…

# Test Driven Compliance

This is part 2 of a short series on balancing the complexities of regulation and security. The first post provided an overview of some of the challenges that security teams face when they operate in regulated environments; these challenges are then exaggerated by a company's overall size and/or maturity. This post will be the first of several that will focus on possible solutions to these challenges. Background On Test-Driven…

# Challenges In Compliance And Security

I recently had the honor of giving the second-day keynote at the 2017 BSides San Francisco conference. The focus of my talk was on the multi-faceted relationships between regulatory and organizational compliance and information security. In many cases I've been a part of, the relationship is somewhat adversarial despite its original intention: compliance acting as a framework or tool for organizations to achieve a quantifiable measure of security posture.…