CMMC’s worst ‘best practices’
There is a buzz around the DoD’s reported review of the Cybersecurity Maturity Model Certification (CMMC) program. It is unclear
Category: Security
Cybersecurity Maturity Model Certification (CMMC) creates a big barrier-to-entry for small companies
If you were in Lockheed Martin’s offices in 2009 you may remember seeing a number of unfamiliar, well-dressed people milling
The Security Screwtape Letters
The other day I got a FedEx package containing a USB drive and handwritten note. The note said: Please provide
The economics of a hospital ransomware breach
Ransomware attacks on hospitals have been in the news a lot lately. Have security professionals done a good job of
Is CrowdStrike Stock a Bubble?
I got a call from a friend the other day. We’ll call him the Undercover CISO. He is a polymath
Security Myopia
If you attended business school any time over the last 50 years you probably read the timeless Harvard Business Review
Ransomware Economics 201
In my previous post I outlined why the most cost-effective way to recover from a ransomware attack is to pay
Ransomware Economics 101
Recently, travel management company CWT became yet another victim of a ransomware attack. The company paid the attackers over 400
Unknown unknowns
In 2002, Donald Rumsfeld, who was the US Secretary of Defense at the time, was asked a question about the
You don’t know @Jack
It hit me as I stepped outside the Reagan National Airport terminal. Just five hours earlier I’d been in the
Security Economics 