All Posts

Why CISOs Should Care About Cloud “Drift”

Drift metrics can help measure how well-managed an enterprise’s technology assets are. CISOs can mine data contained in mainstream cloud configuration tools to understand conformance or divergence from expected states.

SRE Metrics and Security Measurement

Google’s approach to measuring site reliability has much to recommend it. CISOs can steal a leaf from their book.

“Every time you perform arithmetic operations on ordinal numbers, God kills a kitten”

I was reading Rich Bejtlich’s blog today, and came across that quote from a commenter known only as JimmyTheGeek. Wonderfully funny, and spot on.

Passwords-O-Plenty

Before the holidays I ran a quick, three-question survey of the securitymetrics.org mailing list membership about the number of passwords people use. Here are the results, drawn from 51 responses (not bad, considering the list membership is about 400 people). I’d promised the respondents that I’d share the results… so here they are.

Run, Do Not Walk, To Your Browser and Read Dan Geer’s Analysis

Dan’s a friend of mine, and we are both data junkies. Right about the same time I put the capper on a research report on malware trends (coming soon to Yankee Group subscribers), Dan releases this tour de force, a masterful synthesis of a lot of other people’s data.

Excuses Not To Use CVSS

I have always been a fan of the good work done by the CVSS folks. I have an obvious reason to like CVSS, of course: namely, to cheer on a former co-worker, Mike “Shifty” Schiffman, who was one of the first version’s authors.