I've been on the hype train before. (Flashback to the early days of Blockchain valuations) I've been a (mostly) quiet skeptic about the use of AI - specifically LLMs - for code generation. Anyone who has been writing software for a while will tell you that copying...

The data management side of GRC is not a hard problem to solve. This is why, for many small companies, an Excel spreadsheet is the tool-of-choice. But, as Security professionals know (or quickly find out), Excel GRC still comes with a bunch of downsides (e.g. Task...

"SBOM"—or "software bill of materials"—is one of the hottest new buzzwords in cybersecurity today, and for good reason. Each day brings new headlines about the latest supply chain attack, followed by a slew of security pundits with various ideas about how to protect...

Every day we’re inundated with news reports about the latest high-profile hack or malware outbreak. We hear how companies get shut down or have to pay large sums of money just to get their own data back. We read these articles like thriller novels — eager to hear how...

Many years ago, while working in an Army lab, I had the need for classification backgrounds. I thought I had seen them somewhere, but no one was able to point me to them when I needed them. Years later I learned that my backgrounds had been used in labs everywhere!...

Many years ago I created an Acceptable Use Policy (AUP) template that was intended for use by my small business clients. I wanted a policy that was short, understandable, and written to be read (not just for compliance). Over the years, I've seen pieces of this policy...

IT and Security are both high-growth industries. It's easy to understand that times change, technologies change, and vendors change. It inevitable, and a certain degree of change is always expected. As IT and Security professionals, we expect that continuous education...