Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: Industry Commentary

CIO: The Next Career Step After Being The CISO? Why Not?

– Welcome once again to “The risk rack”. Today’s column deals with Chief Information Security Officer (CISO) career paths and whether a CISO’s career path includes or should include the role of Chief Information Officer (CIO). I believe it should and I believe that CISOs have been…

The Misleading Nature of Schneier’s Security Mindset

– Recently Bruce Schneier wrote an essay on the Security Mindset. In it he wrote: Security requires a particular mindset. Security professionals — at least the good ones — see the world differently. They can’t walk into a store without noticing how they might shoplift. They…

California Wildfires and Data Back-ups

– It looks as though business continuity and off-site data backups / storage are being introduced to the consumer rather than just corporate entities. The wildfires in California have something to do with this… So when I hear about fires in southern California, or hurricanes in the southeast,…

Why I no longer report website vulnerabilities that I stumble upon…

– I wrote this in July 2007 but decided against publishing it at the time. In July, I felt that I did not have a significant, publicly known case to help make the argument legitimized. The Dan Egerstad case prompted me to change my opinion. —- There was a time that if I found a vulnerability…

Linus Torvalds: Security a matter of opinion

– I found this on Slashdot. It points to an article here. Here is Torvalds on security: “Schedulers can be objectively tested. There’s this thing called ‘performance’, that can generally be quantified on a load basis. “Yes, you can have crazy ideas in both schedulers…