Want to know the traits of top infosec leaders?

Join me in 24 hours for my webinar with EC-Council (the folks behind the CEH, Certified Ethical Hacker, certification) titled Four Traits of Successful Information Security Leaders.

I'll share with you my experiences and mistakes as an information security leader as well some observations I've made of those at the top of their game over the past 11 years I've spent working for myself. There will be a Q&A at the end to top it all off.

Check it out. There's no charge...you'll just need to sign-up for an account on BrightTALK. Look forward to seeing you there!

Read More

The security conversation is not a one-time deal

Read More

Focus on yourself and reap the rewards in IT & infosec

If you're in to big-picture IT and information security stuff like, say, your career and focusing on what matters, here are some new bits I've written for TechTarget and Security Technology Executive magazine that you may be interested in:

Five habits of highly-successful IT pros


Social networking strategies to further your IT career

Five ways to advance your Windows career

Understanding management gets your IT department what it needs

RSA's look at the big picture

Enjoy! As always, check out principlelogic.com/resources for links to all of my information security whitepapers, podcasts, webcasts, books and more.

Read More

The weakness of vulnerability scans that people (sadly) ignore

Those of us who live and breathe information security on a daily basis understand that vulnerability scans are only part of the information security assessment equation. We can't live without them but as I've outlined here we by all means cannot rely on them completely.

I was just speaking with a colleague about this and came up with an analogy for our overdependence on external vulnerability scans in the name of PCI DSS, lack of funds to do it right or whatever the excuse du jour:  Relying solely on basic unauthenticated vulnerability scans to find all the security problems on your network is like depending on a home inspector to check out your new diggs from his automobile on the street. He may be able to find some issues with the porch, roof, siding or driveway - especially if he's got a good set of binoculars - but he's certainly not going to see what's really taking place on the inside. Vulnerability scans are no different, especially in the case of Web applications.

Moral of the story: Don't trust that external vulnerability scans will show you where your network security truly stands. It's shortsighted and will bite you when you least need/expect it. And, if the breach ends up in a lawsuit or going to court, it'll most certainly be brought out by the lawyers and their expert witness that due diligence was started but not performed up to par.

Read More

Great quote that applies to information security

“Follow the path of the unsafe, independent thinker. Expose your ideas to the danger of controversy. Speak your mind and fear less the label of ‘crackpot’ than the stigma of conformity.” 
– Thomas J. Watson, Jr.

I've found that it's a great way to live your life too. :)

Read More