Conversations in Risk-Based Security

Joseph Wilson

Recent Posts

Practice Cyber Combat on a Cyber Range

Posted by Joseph Wilson on Jun 28, 2018 11:38:36 AM

Cyber security is a skill-based occupation. The only way to improve a cybersecurity expert's skill set is by accumulating hands-on experience. As with fighter pilots, who don't often face the challenges and threats of the real world, training cybersecurity experts can be effective only by simulating hyper-realistic scenarios that allow cybersecurity individuals and teams to face a real threat and improve their skills based on the experience.


Topics: cybersecurity, cyber range

A Chat with Larry Newfield: Don’t Be an Information Hoarder

Posted by Joseph Wilson on May 24, 2018 10:27:23 AM

What are the most important principles in information security?
Data Minimization and Frictionless Security. Data minimization is a real key. You can’t lose, nor hurt clients’ privacy if you are not maintaining things someone wants to steal. This also makes it easier to protect what data you do have. If you have fewer categories of data, it is easier to sort out what you need to protect to the highest level versus elements that are not quite as sensitive, or about clients. In thinking about data minimization, you must always be asking: Why was this sent to us? Why should we be storing it? Are there government regulations that force me to store it for a minimum timeframe?


Why should I care about GDPR? There are at least 24 million reasons!

Posted by Joseph Wilson on May 1, 2018 11:10:49 AM

Just what are the new GDPR Regulations?

The General Data Protection Regulation (GDPR) imposes new rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents, no matter where they are located.


Those Who’ve Been Hacked and Those Who Don’t Know it Yet

Posted by Joseph Wilson on Apr 10, 2018 11:23:49 AM

When you were educated, prior to moving into the professional workforce, what sort of training did you get on cyber security?

Zero, other than password management! When I started in the IT space, Cyber Security wasn’t even a known term. If you said those words together, you would get puzzled looks. Less than two decades ago our biggest concern was getting ready for Y2K. However, continually learning has always been part of being a technologist. Learning to focus on security has certainly been a learned behavior. Almost every professional consultancy has developed a security practice and they have been a tremendous resource for security expertise and learning. In fact, now we obsess about protecting our critical information assets.


CISO - Which Tribe Is Yours?

Posted by Joseph Wilson on Apr 6, 2018 12:13:38 PM

Do you ever wonder: How am I stacking up against my peers? What is everyone else doing? Am I missing something obvious? How do I improve my performance?
