SRE Metrics and Security Measurement
Why can’t IT and security get along better? Disciplined technology teams use data and metrics strategically. But security and risk te...
Five Things the Last Decade Taught Me About Security Metrics
In metricon, Mar 21, 2019
The Twenty-Year War on Cybercrime
In security, risk, big data, Jun 06, 2015The Twenty-Year War on Cybercrime
This is the text of a speech I delivered at the Gartner Group Security and Risk Management Summit in June 2015. I originally wrote th...
Read MoreAll Stories
SRE Metrics and Security Measurement
Why can’t IT and security get along better? Disciplined technology teams use data and metrics strategically. But security and risk teams think about metrics differently than the rest ...
In metrics, Jun 05, 2019
Five Things the Last Decade Taught Me About Security Metrics
This is the nominal text of my opening remarks for Metricon X, delivered on March 21, 2019. It has been lightly edited for clarity and a few identities have been slightly disguised. T...
In metricon, Mar 21, 2019
The Twenty-Year War on Cybercrime
This is the text of a speech I delivered at the Gartner Group Security and Risk Management Summit in June 2015. I originally wrote the speech for Sir Roger Carr, the Chairman of BAE S...
In security, risk, big data, Jun 06, 2015
The DevOps Security Handbook: Building Security In With Chef, Part III
IntroductionThis is the third in a series of occasional posts about security and DevOps. The ultimate goal of this series is to show how to build a reasonably secure Apache web server...
In security, DevOps, Oct 06, 2013
The DevOps Security Handbook: Building Security In With Chef, Part II
IntroductionThis is the second in a series of occasional posts about security and DevOps. The ultimate goal of this series is to show how to build a reasonably secure Apache web serve...
In security, DevOps, Oct 03, 2013
The DevOps Security Handbook: Building Security In With Chef, Part I
IntroductionThis is the first in a series of posts about Chef, an infrastructure automation platform. The goal of this series is to describe how to build a reasonably secure Apache we...
In security, DevOps, Oct 01, 2013
Building Security In Using Chef
Lately I have been spending a lot of time with a new best friend. This new friend is reliable; he does everything according to plan and always exactly the same way. The results are ex...
In security, DevOps, Sep 23, 2013
New Web Adventures with Heroku
Many ardent followers of this blog know that among other things, one of my professional hobbies is application development. I am a “weekend programmer.” I always have a side project o...
In applications, dev ops, Aug 26, 2013
Review of Stephen Few’s “Information Dashboard Design, Second Edition”
Twenty years ago, a polymath prophet named Edward Tufte self-published an incendiary book, The Visual Display of Quantitative Information. It forever changed how a certain species of ...
In visualization, Aug 13, 2013
Cybersecurity for Machine-to-Machine (M2M) Networks
This is the nominal text of panel remarks I delivered at the Telecommunications Industry Association’s M2M & Cybersecurity Workshop on June 4th, 2013. The objective of the panel w...
In security, Jun 04, 2013Featured
-
SRE Metrics and Security Measurement
In metrics, -
Five Things the Last Decade Taught Me About Security Metrics
In metricon, -
The Twenty-Year War on Cybercrime
In security, risk, big data, -
Review of Stephen Few’s “Information Dashboard Design, Second Edition”
In visualization, -
Cybersecurity for Machine-to-Machine (M2M) Networks
In security, -
“Everything was green. Mulally thought that was odd for a company losing billions.”
In strategy, leadership, -
Escaping the Hamster Wheel of Pain
In security, hamsters, books,