The DevOps movement is the single biggest opportunity security teams have had in a long time. The goal of DevOps is speed and innovation. That goal can be achieved with systems and automation: why not fully integrate security at the same time for a win-win?
Security and privacy center on trust. You can't have that without a high level of transparency. In this day and age, everything comes to light eventually. Better to be up front and open with most activities.
Is it just attitude that keeps security teams from working well with the rest of the organization? And if so, can that attitude be changed? What's keeping things so negative. Some thoughts...
We know that cybersecurity isn't the best name to describe what is ostensibly, "information security" but it's the name we're stuck with.
At some point in the past few years, the term "information security" took a back seat to "cybersecurity". Does it matter? Why?
I am often asked what a good undergraduate program is to take if someone is aiming for a career in cybersecurity. There are plenty of fantastic options but ironically, one I'm not a fan of is an undergraduate focused purely on cybersecurity!
Most of the focus around cybersecurity education is on the technical aspects. Is that the right approach?
GDPR comes into effect tomorrow and one of it's biggest advantages is how it will force companies to actually manage their data...well at least personally identifiable information.
GDPR is now of the law of the land in the EU. Did everything change overnight?
Apparently the FBI misrepresented the number of devices they can't access due to encryption by up to a factor of 6x. This is most likely due to clerical error and a lack of actual statistics rather than malicious intent.
GDPR comes into effect on Friday, 25-May. What does it mean globally? Um...we're not really sure.
How do you handle data collection from your users? Is it hidden and suspect like the current rash of mobile provider exposures? With no opt-out like Microsoft Office? Or clear and transparent?