Category Archives: InfoSec

A Threat Modeling Process to Improve Resiliency of Cybersecurity Program

Many organizations with mature Cybersecurity program have implemented controls to safeguard their digital assets. However, controls can give a false sense of security as many times mere existence of a control does not mean that it is (a) adequate and/or (b) effective. Protecting crown jewels requires continuous monitoring and evaluating controls. This article describes a 5-step threat modeling process to improve resiliency of your program, identify gaps and close these gaps. Continue reading

Posted in Digital Transformation, InfoSec, Leadership | Tagged , | Comments Off on A Threat Modeling Process to Improve Resiliency of Cybersecurity Program

Verizon White Paper: CISO’s Guide to Cloud Security

Verizon security recently published a white paper titled “CISO’s Guide to Cloud Security: What to know and what to ask before you buy” that points out five steps to help decision making on purchasing Cloud products and services. For each step, the white paper also provides recommendations to consider. This is a summary of this white paper. Continue reading

Posted in InfoSec | Tagged , , | Comments Off on Verizon White Paper: CISO’s Guide to Cloud Security

CISO MindMap 2019: What Do InfoSec Professionals Really Do?

Note: An updated version of this article is available now. Please click here to go to CISO MindMap 2020 version. Just like other areas of information technology, information security landscape continues to change at a fast pace. The updated CISO … Continue reading

Posted in InfoSec | Tagged , , | Comments Off on CISO MindMap 2019: What Do InfoSec Professionals Really Do?

Major Security Risks and Mitigation Strategies for 2019

Many security vendors are published their threat reports and making recommendations to CISOs and other leaders for better protection of security assets. After reading many of these reports, following is a summary of major risks identified by these reports and … Continue reading

Posted in InfoSec | Comments Off on Major Security Risks and Mitigation Strategies for 2019

SOC Book: Chapter 1 Available for Download

Just published first chapter draft of the my latest book: “CyberSecurity Arm Wrestling: Winning the perpetual fight against crime by building a modernSecurity Operations Center“. This chapter is available for immediate download by clicking here. The chapter covers the following … Continue reading

Posted in InfoSec, SOC | Tagged , | Comments Off on SOC Book: Chapter 1 Available for Download

Scalable Log Collection as Foundation of SOC

Logs provide a wealth of information and that is one of the reasons that almost all security standards and frameworks (NIST, ISO, PCI, and others) emphasize on collection, storage, and analysis of log data as one of the key aspects … Continue reading

Posted in InfoSec, SOC | Tagged , , , | Comments Off on Scalable Log Collection as Foundation of SOC

Announcing Cybersecurity Learning Saturday

Continuous learning and skills development is an essential part of any Cybersecurity professional but they don’t get enough time during normal work week. So why not turn Saturdays into a collaborative learning events where people come to share knowledge, teach, … Continue reading

Posted in InfoSec | Tagged , | Comments Off on Announcing Cybersecurity Learning Saturday

CISO MindMap 2018 – What Do InfoSec Professionals Really Do?

Like last year, ransomware continues to be a major issue for many organizations. One of the best things any organization can do to itself is to prepare for dealing with ransomware incidents. While ransomware is morphing into crypto currency mining … Continue reading

Posted in InfoSec, Leadership, SOC | Tagged , , , , , | Comments Off on CISO MindMap 2018 – What Do InfoSec Professionals Really Do?