The Purses and Flagpoles of Security Policies
23rd June 2022
I never knew what a danger soccer moms’ purses were. That is, until I attended my very first professional soccer game at Gillette Stadium. A friend of ours invited a few families to join them to watch the game. Until a few hours before arrival I could not have confidently named the home team. It’s…
Do you need to babysit your vendors?
16th June 2022
Good news: Date nights are back on! That’s correct … Mrs. Black and I headed out to an event a couple of weeks ago, doing our best to pick up where the pandemic found us back in early 2020. Of course, our babysitter bullpen has been depleted over the past two-plus years. Some are now…
How to manage open source code in your product.
9th June 2022
Do you really know what’s in open source code? Do you want to? Because face the facts: your organization is making use of open source code right now – and you probably have no idea what’s in it, how recently it has been updated, or even if you’re allowed to use the code in your…
Guide to SOC 2 compliance documentation
26th May 2022
Nobody really wants to do their homework. Which is unfortunate, because homework plays an important role in helping to absorb, retain, and learn to use the information someone is studying. In the security and compliance world, writing documentation is the homework. It helps employees standardize the right policies and procedures to successfully reduce risk and…
Don’t press that panic button!
19th May 2022
You may assume that I am a fully functioning human. I assure you, you are mistaken. There are certain things – things that most people are quite capable of – that I am dazzlingly terrible at. I cannot sing. Literally. Once, when I joined in on “happy birthday” at my then four-year-old daughter’s party, two…
Your cyber insurance probably isn’t good enough.
12th May 2022
Cyber insurance, like all insurance, is all about the fine print. In 2017, G&G Oil Company purchased a commercial insurance policy that, while not a full-fledged cyber insurance policy, did include coverage for losses “resulting directly from the use of a computer.” They were hit with a ransomware attack later that year and had to…
When your Business Continuity/Disaster Recovery Plan is a Disaster…
5th May 2022
Picture it: As a part of your new job running a corporate SOC 2 compliance program, you’ve started the arduous process of reviewing old documentation. Most of it is in pretty good shape…until you come across the Business Continuity/Disaster Recovery (BC/DR) Plan. While your company’s name is all over it, the instructions for temporary physical…
How to start a career in cybersecurity, according to a hiring manager.
28th April 2022
“I’m still really interested in cybersecurity, but I had no idea getting an entry level job would be this difficult! I thought you said companies are desperate to fill these roles, and they’re basically hiring anyone who applies?” Jason lamented, after being rejected for yet another job. Jason has been working as a desktop support…
Patching Keeps the Lights On (Except when it Doesn’t)
21st April 2022
You probably don’t give much thought to lightbulbs. I wouldn’t either, except that somehow, we own a house with lots of them. We have so many that in any given week, one, two, sometimes three of them burn out. And (of course), they are not all of the same type. Some are floodlight bulbs. Some…