New Tech Won’t Fix Bad Management
This post is going to be a little different as I’ve got a bone to pick. I’m wrapping up a consulting gig where I was brought in to review…
Apr 28, 2023

Lessons Learned from a Security Awareness Competition
It was late 2018. I was attending (ISC)2’s annual Security Congress, listening to a talk titled “Enterprise Security Program that Works” by…
Jan 10, 2022

Dungeons and Security Incidents
In my posts so far, I’ve talked about how I see security best rolling into existing software development lifecycles as another dimension of…
Nov 22, 2021

Getting developers interested in keeping things secure
In my last post, I talked about how security in software development is fundamentally a creative exercise, albeit one with strong rules…
Nov 14, 2021

Security as a creative discipline
In my previous post, I talked about how I see the majority of security-related issues in software development not requiring sophisticated…
Nov 8, 2021

Security is another dimension of quality
In this post, I’ll share why I think it’s valuable to treat security as an extension of existing quality assurance efforts.
Nov 2, 2021

O hi
I’m new here. This blog will be a snapshot of my brain in a point in time where I’m between jobs. While I’ve been found to be a prolific…
Oct 19, 2021