People

Security Program Automation

Posted on

I had a great conversation with a CISO colleague / mentor recently who told me that his biggest challenge is that his staff is swamped with repetitive tasks – things that should be automatible, but have not been for a variety of reasons. Many thanks to him for helping me organize my thoughts on this […]

Technology

Should Yubikeys be standard issue?

Posted on

A customer recently asked me about the Krebs story on Google using Yubikeys and eliminating phishing attacks. They wanted to know if it was real and if it is a technology they should be using? For starters, two-factor-authentication — or more generally, multi-factor-authentication — is absolutely important — no longer can you detect phishing attacks […]

Technology

Value of Bro

Posted on

One of our partners recently asked me what I thought of Bro — was it something I would recommend setting up for one of his clients? If you’ve used Bro before, this is probably a no-brainer, but for many folks — even ones with deep infosec experience — Bro can be a little confusing. In […]