All Stories

SRE Metrics and Security Measurement

Why can’t IT and security get along better? Disciplined technology teams use data and metrics strategically. But security and risk teams think about metrics differently than the rest ...

In metrics, Jun 05, 2019

Five Things the Last Decade Taught Me About Security Metrics

This is the nominal text of my opening remarks for Metricon X, delivered on March 21, 2019. It has been lightly edited for clarity and a few identities have been slightly disguised. T...

In metricon, Mar 21, 2019

The Twenty-Year War on Cybercrime

This is the text of a speech I delivered at the Gartner Group Security and Risk Management Summit in June 2015. I originally wrote the speech for Sir Roger Carr, the Chairman of BAE S...

In security, risk, big data, Jun 06, 2015

The DevOps Security Handbook: Building Security In With Chef, Part III

Introduction: This is the third in a series of occasional posts about security and DevOps. The ultimate goal of this series is to show how to build a reasonably secure Apache web server...

In security, DevOps, Oct 06, 2013

The DevOps Security Handbook: Building Security In With Chef, Part II

Introduction: This is the second in a series of occasional posts about security and DevOps. The ultimate goal of this series is to show how to build a reasonably secure Apache web serve...

In security, DevOps, Oct 03, 2013

The DevOps Security Handbook: Building Security In With Chef, Part I

Introduction: This is the first in a series of posts about Chef, an infrastructure automation platform. The goal of this series is to describe how to build a reasonably secure Apache we...

In security, DevOps, Oct 01, 2013

Building Security In Using Chef

Lately I have been spending a lot of time with a new best friend. This new friend is reliable; he does everything according to plan and always exactly the same way. The results are ex...

In security, DevOps, Sep 23, 2013

New Web Adventures with Heroku

Many ardent followers of this blog know that among other things, one of my professional hobbies is application development. I am a “weekend programmer.” I always have a side project o...

In applications, dev ops, Aug 26, 2013

Review of Stephen Few’s “Information Dashboard Design, Second Edition”

Twenty years ago, a polymath prophet named Edward Tufte self-published an incendiary book, The Visual Display of Quantitative Information. It forever changed how a certain species of ...

In visualization, Aug 13, 2013

Cybersecurity for Machine-to-Machine (M2M) Networks

This is the nominal text of panel remarks I delivered at the Telecommunications Industry Association’s M2M & Cybersecurity Workshop on June 4th, 2013. The objective of the panel w...

In security, Jun 04, 2013