Threat intelligence Intelligence Ti Threat intelligence training

The Executive Threat Intelligence Primer

Explaining threat intelligence to executives can be daunting. Framing the conversation in the tactical, as opposed to the strategic, prevents us from communicating the real value of a good, empowered, sponsored, and staffed threat intelligence program in a way that executives can understand what they’ll get - and say yes.

Phishing Ransomware Security awareness training

Tricking Your Team Isn't The Answer

Successful phishing attacks - tricking your employees into clicking a link and then taking an action, such as providing information to a fake web page - is the primary vector for ransomware infections.

Supply chain risk Best practices

The Anti-Checklist Manifesto: Spreadsheets and 3PR

Note: I spoke on this topic in September, 2021 at 44CON and you can watch the video here.

Authentication Access control Supply chain risk Best practices

Zero Factor Authentication

Are you asking the right questions to determine how well your vendors will protect your data?

Authentication Access control Sso Best practices

Stop Rotating Your Passwords

I’ve been arguing for years that we in information security aren’t doing anyone any favors when we demand that people use for passwords something impossible to remember, then we demand that they remember it, and then we insist that, for God’s sake, they never write it down.