Decisions are hard enough that you don't want to have to revisit them constantly. But that's exactly what is required in the realm of cybersecurity. Do you have a system in place to review decisions? Are you recording the right information to update those decisions when the time come
User experience is often overlooked when it comes to security and privacy. This leads to some confusing, dangerous, and challenging situations that users are forced into. Why?!?
Many questions come along with the federal legalization of cannabis in Canada. It's a massive example of trickle down risk as various controls around usage and methods of delivery are pushed into areas they weren't designed for. Are you doing the same thing with your IT deployments? Are
Virtual events can be a great way to connect with your audience. They are not only less expensive to run but they are much easier to access for most people. So why are they rarely enjoyable despite having great content?
When you're trying to teach, pass along a message, or just generally reach anyone, the key is to understand how THEY want to consume information. That's a huge gap in most communications today, especially breach notification. Put yourself in the audience's shoes!
With the Bloomberg report on hardware hacking looking more in doubt, more and more politics are coming into play. Anytime you evaluate news, it's important to look at things objectively. Here are a few tips around evaluating cybersecurity news.
Reflecting back on my keynote at SecTor in Toronto where I delivered some tough new to a roomful of security professionals. Here's what worked and what could've been better!
Sometimes you have to deliver really bad news. It's not your fault, but you're the one on the hook. How do you deliver it? How do you deliver it without getting mired into the downside?
Conferences are usually jam packed with great content. So much so that it can be hard to prepare for them and get the most out of them. What do you look for in a conference? How can I help?
Security is a quality issue. Except we don't treat it that way and that's costing us dearly.
Built-in security is always best. That's "security by design", but when that fails (due to mistakes, oversight, humans), built-in security steps up...or, um, in.
Who did it? It's a powerful question and the answer to "What is attack attribution?"