A Different Take on the ITsecurity.com Top 59, SBN and the Infosec Blogging field
My voice is clearly different than most InfoSec bloggers. The majority of bloggers that write on InfoSec fall into the following categories: consultant, vendor, technical practitioner, vulnerability researcher.
There are very few corporate management InfoSec bloggers publishing at the current time. I am thankful that my employer allows me to blog on InfoSec (in my spare time). This can change at any time, though.
My perspective is often contrarian to the current InfoSec perspective because I (personally) do not come from a “world is broken” perspective. My perspective is from a corporate risk management perspective. I seek to understand things in a pragmatic way, understand priorities and realize there are limitations: technical, financial, etc.
I did not mind the ITsecurity.com top 59 list because most lists that came after were relegated to a specific niche in the field, the majority technical. Since I no longer practice technical security work full-time, these lists only cover part of my perspective on the field and part of my daily responsibilities.
I know my readership. Some of my readership cannot/do not want to post or to have their name mentioned. I receive emails from colleagues that are quite thought-provoking, but I cannot show those discussion threads. Occasionally I ask if I can reference their content; oftentimes they consent. It’s a shame that the voices of those who have been working in the field for 20+ years are not often heard. (Just for clarification, I have not been in the field for 20+ years, but often network with people who are veterans.)
If SBN and the ITsecurity.com Top 59 expose my perspective to a larger audience, I’m all for it.