Most Recent Blogs

All I Need to Know about Cyber Security, I Learned in an NSA Pamphlet for Securing Home Networks

Posted: April 27, 2015   /   By: Dan Conde   /   Tags: Networking, cyber security, RSA Security Conference, home network security

Do you remember a list called All I Really Need to Know I Learned in Kindergarten? No? It’s a list of basic things that children are taught, which can guide them throughout life. It’s pretty old but was very popular in its day. Thinking about this led me to ask: Would lessons from a pamphlet for securing home networks have prevented some recent mega breaches? No way? Think again.


Somber Message at the 2015 RSA Conference

Posted: April 22, 2015   /   By: Jon Oltsik   /   Tags: cyber security, rsa conference

As the 2015 RSA Conference got underway this week, I attended a dinner hosted by Pacific Crest Securities. Our host began the dinner by asking former cyber czar Richard Clarke to say a few words.

Now this was a rather festive dinner as the cybersecurity industry is in the midst of a robust boom.  Nevertheless, Clarke’s brief talk was a reminder of where we’ve been and the state of cybersecurity today. 


Time to Address Basic Organizational Issues that Impact IT Security

Posted: November 17, 2014   /   By: Jon Oltsik   /   Tags: IBM, Microsoft, Oracle, cyber security, CISO

In the past, cybersecurity was thought of as an IT problem where CISOs were given meager budgets and told to handle IT security with basic technical safeguards and a small staff of security administrators. Fast forward to 2014 and things have certainly changed now that business mucky-mucks read about data breaches in the Wall Street Journal on a daily basis. 


The Two Cornerstones of Next-Generation Cybersecurity (Part 1)

Posted: June 13, 2014   /   By: Jon Oltsik   /   Tags: Data Management & Analytics, Information and Risk Management, Enterprise Software, Security and Privacy, cyber security, next-generation cybersecurity, applications, identity

Every CISO I speak with tells a story fraught with common anxiety about the future of information security. As the world becomes more mobile, consumer-centric, and cloud-based, IT gets more distributed and complex while the IT department has less and less control. This presents a real conundrum for security professionals who’ve been trained to seize control and lock down as much as they can.

So what should CISOs do to address the “shadow IT” dilemma? As IT loses control of some of its traditional assets, my suggestion to CISOs is to double down on security controls and oversight for the things they still own. In my humble opinion, there are two key areas to focus on: sensitive data and identity. Everything else – applications, endpoints, networks, and servers – must kowtow to these two cornerstones and enforce specific data security and identity policies.
