Challenges In Compliance And Security

I recently had the honor of giving the second-day keynote at the 2017 BSides San Francisco conference. The focus of my talk was on the multi-faceted relationships between regulatory and organizational compliance and information security. In many cases I've been a part of, the relationship is somewhat adversarial despite its original intention: compliance acting as a framework or tool for organizations to achieve a quantifiable measure of security posture.…

#Reflections on Organizational Change from Psychological Operations and Guerilla Warfare

I recently finished reading the CIA Manual for Psychological Operations in Guerilla Warfare and thought there were some interesting parallels to driving political/organizational change in business. I want to capture those thoughts here along with my general thoughts about the book.

Overview

The book starts by defining what guerilla warfare and psychological operations are through the lens of the CIA/OSS, basically a political weapon to drive and control…