Friday, October 6, 2017

@securityguy23:

If you're only listening to respond and not to comprehend -- you're missing (at least) half of the conversation. . .

Thursday, October 5, 2017

@securityguy23:

Hope never has -- and never will be -- an effective risk management strategy. . .

Thursday, September 28, 2017

@securityguy23:

The best way to gauge the effectiveness of an organization's approach to risk management and response all too often comes down to three simple canary questions:

1) When the building caught fire, why did they respond by pointing the hose at the parking lot?
2) Were they surprised when the building still burned down?
3) Did they learn from the mistake and change the approach before somebody brought in the next box of matches?

Friday, August 11, 2017

@securityguy23:

Now Heptaconta Certified with Certified Information Privacy Professional / Canada (CIPP/C) Goodness. . .

Thursday, August 3, 2017

@securityguy23:

Monitoring is vastly different than just logging.

And if you're doing only the latter despite claiming the former -- you've neither got security, nor a remotely defensible position when the auditors and lawyers come-a calling. . .