Compliance is not security
Our Defense Industrial Base (DIB) faces continual attacks that harm our national defense. As such, we need real security to
Category: Security
Of Ferraris and Yugos
I was working in my home office the other day when I heard the beeping of a car. It sounded
CMMC 2.0 is dead. They just don’t know it yet.
I was pretty excited as I drove onto the sprawling and meticulously landscaped campus. I was heading to a meeting
Microsoft is about to bite the hands that feed it
I was just settling in for a busy day at the office when I saw the incoming call from the
Google makes some noise in the security market. Did they get lured into a bad deal?
Google’s announcement that it would be buying security firm Mandiant for $5.4 billion made some waves in the security world
CMMC’s worst ‘best practices’
There is a buzz around the DoD’s reported review of the Cybersecurity Maturity Model Certification (CMMC) program. It is unclear
Cybersecurity Maturity Model Certification (CMMC) creates a big barrier-to-entry for small companies
If you were in Lockheed Martin’s offices in 2009 you may remember seeing a number of unfamiliar, well-dressed people milling
The Security Screwtape Letters
The other day I got a FedEx package containing a USB drive and handwritten note. The note said: Please provide
The economics of a hospital ransomware breach
Ransomware attacks on hospitals have been in the news a lot lately. Have security professionals done a good job of
Is CrowdStrike Stock a Bubble?
I got a call from a friend the other day. We’ll call him the Undercover CISO. He is a polymath
Security Economics 