Tuesday, September 28, 2021

Acquisition & Diversification Time for Cyber is Here

Times are a-changing, Bob Dylan said...

Look for acquisitions, as well as entry into new markets, to be the march of the Cyber/software orgs in the Fortune 1000 during this economic malaise....

More to come shortly...

Thursday, August 19, 2021

GitOps, DevSecOps, & AppSec

As GitHub & GitLeaks roll out additional functionality, more orgs will rely upon those offerings for traditional one-off DevSecOps/AppSec solutions (SAST, SCA, IAST).

Furthermore, CSP (PaaS) offerings will certainly eat into on-prem/subscription models as well.

So, expect consolidation/divestitures for AppSec tool vendors in the near future.

Monday, July 19, 2021

Cyber Needs to Walk the Walk

Cyber orgs need to embrace the same governance they advocate/demand for IT/Ops/Dev teams. You have to do things right & hold yourself accountable...

Thursday, April 1, 2021

Personal Loss & Professional Perseverance in Cyber

My dad succumbed to COVID-19 a year ago today on 4/1/2020.  He had other health challenges; however, Coronavirus was his last great fight.  I lost my mom 10 months before him to cancer on 6/1/2019.  They were together for 50+ years....

My folks instilled in me both a work ethic & a sense of pride to persevere in hard times, as well as how to make the most out of this life.  I miss them, very much...

As a Cyber professional, I feel that sometimes our work may be both unforgiving and thankless; but it is our chosen profession, and speaking for myself, our calling.  While people may not always understand our actions/reasoning, ultimately, if your heart & head are in the right place, they will give you the benefit of the doubt.

So keep fighting the good fight, for we are doing good....

 

Monday, February 8, 2021

Third-party Governance for DevSecOps

For orgs that rely heavily upon outsourced development/technical resources (IT Outsourcing: ITO), it's important to ensure that contracts include covenants for the vendor to provide cyber (security) education, training & awareness (SETA).

Furthermore, a right-to-audit clause should be included as well, allowing the client to review SETA content, as well as attendance & scoring.

Monday, January 11, 2021

Why are big data tools so darn expensive...?

As we build out our web endpoint security scorecard (WESSy), I am in awe of the price points I see for data tools.

I get that these are enterprise-level tools; however, for smaller shops (like mine) that need this functionality, it comes off as cost-prohibitive.