Secure Digital Life — Episode #74


I was a guest on episode #74 of Secure Digital Life and interviewed by Doug White. We covered Tenable’s Cyber Exposure, starting companies, hacking elections and the future of cyber attacks and security.

Silver Bullet Show #144 — Government Versus Commercial Security Solutions


Photos — Gary McGraw (left), Ron Gula (right)

I enjoyed participating in Dr. Gary McGraw’s Silver Bullet podcast show #144. Gary has done an excellent job getting really good guests like Bruce Potter, NY Times cyber journalist Nicole Perlroth, Peiter Zatko (a.k.a. “mudge”) and Jack Daniel on the show and doing good interviews. Gary knows what he is asking about. He has dual PhDs, has written more than 100 peer-reviewed publications and is the author of eight information security books. He’s also the VP of Security Technologies at Synopsys. I consider Gary the expert in secure coding and secure software design.


While Visiting RSA 2017, Don’t Forget About Testing Security Controls


If you are going to RSA and walk the vendor floor, keep in mind that the vast majority of the vendors you will meet are not designed to work together. You may be able to centralize their logs and even orchestrate a cohesive incident response to an event, but you won’t automatically know if you are PCI Compliant, if you have a gaping hole in your NIST Cyber Security Framework program or if your span port is down and all of your DLPs and IPSes are now blind. An answer to this is to look for solutions that can measure your defenses across all of your defensive technologies and identify gaps in your security specified by frameworks written in house, or by vetted industry experts and groups such as PCI, NIST and CIS.