A New CISO’s TODO List
When a CISO joins a new organization, it is important to start with basics. Following is a TODO list for every new CISO. Subscribe to Blog
Category Archives: InfoSec
Risk Assessment – Qualitative, Quantitative and Scoring
Information security community has been performing risk assessment for as long as the profession existed. The risk assessment is typically classified as qualitative (e.g. Critical, High, Medium, Low) or quantitative (a dollar amount). Risk scoring is a relatively new phenomenon … Continue reading
View post to subscribe to site newsletter.
Posted in InfoSec
Tagged cybersecurity, risk management, strategy
Comments Off on Risk Assessment – Qualitative, Quantitative and Scoring
Software Bill of Material and Vulnerability Management Blind Spots
Open source software is everywhere (which is not a bad thing in itself). However, many buyers don’t have inventory of open source components included in software products they are buying. Business even fail in keeping tack of open source components … Continue reading
Posted in InfoSec, Open Source
Tagged Open Source, vulnerability
Comments Off on Software Bill of Material and Vulnerability Management Blind Spots
Podcast: CISO MindMap and Recommendations for 2022-23
Recently we recorded a podcast with CISO Tradecraft focusing on CISO MindMap 2022 and recommendations for 2022-23. As a reference the latest CISO MindMap is available here and detailed recommendations page is also available here. You can listen to the … Continue reading
Posted in InfoSec, Leadership, SOC
Tagged cybersecurity, infosec, MindMap, Security, SOC
Comments Off on Podcast: CISO MindMap and Recommendations for 2022-23
Essential Business Knowledge for InfoSec Professionals
June 18, 2022 – By Rafeeq Rehman The role of InfoSec professionals has morphed into a critical business function. One should expect getting involved in “business” discussion often, and at increasing higher levels of business structure up to board of … Continue reading
Posted in InfoSec, Leadership
Tagged business, leadership, skills
Comments Off on Essential Business Knowledge for InfoSec Professionals
CISO MindMap 2022 – Recommendations
I have included six specific recommendations with the recent publication of CISO MindMap. This article is to further elaborate on these recommendations, why these matter, and what actions information security leaders can take. The objective of this article is to … Continue reading
View post to subscribe to site newsletter.
Posted in cisomindmap, InfoSec
Tagged ciso, cybersecurity, MindMap, strategy
Comments Off on CISO MindMap 2022 – Recommendations
What could derail SASE train
There are many reasons that make Secure Access Service Edge (SASE) an appealing concept. Major among these are moving from corporate data centers to the Cloud, need to work from anywhere, reducing complexity, and use of applications delivered as SaaS. … Continue reading
View post to subscribe to site newsletter.
Posted in Digital Transformation, InfoSec
Comments Off on What could derail SASE train
What is Service Mesh and Why Should Anybody Care?
There is a lot going on with Cloud computing, containers and micro services. Following is a summary of what information security professionals need to know about one very important idea: the Service Mesh. What is it? Service Mesh controls, monitors, … Continue reading
View post to subscribe to site newsletter.
Posted in InfoSec
Tagged cloud, microservices, servicemesh
Comments Off on What is Service Mesh and Why Should Anybody Care?
PDF Version of Book: Cybersecurity Arm Wrestling available for download
The PDF version of my latest book “Cybersecurity Arm Wrestling – Winning the perpetual fight against crime by building a modern Security Operations Center (SOC)” is now available for download. You can share this link, print it, and use it … Continue reading
View post to subscribe to site newsletter.
Perspectives on Information Security Architecture
There are few things that every architect should do but most forget. As you know, there is no shortage of technology architecture frameworks and standards. You may have come across TOGAF for enterprise architecture and SABSA (Sherwood Applied Business Security … Continue reading
Posted in InfoSec
Tagged architecture, Information Security Architecture
Comments Off on Perspectives on Information Security Architecture