Category Archives: Cybersecurity

In defense of Incrementalism (in vulnerability management)

Most of the vulnerability management programs I’ve encountered suffered from analysis paralysis—the infosec team had reams of data (or multiple spreadsheets) on their vulnerabilities but couldn’t make progress because they couldn’t decide where to start. Questions I frequently hear include:… (read more)

Posted in Cybersecurity

Threats and Risks . . . and Vulnerabilities

During an interview last week I was asked to define the difference between a Threat and a Risk using language that a non-technical CEO would understand. I gave a good answer and made it to the next round. And then… (read more)

Cybersecurity for Small Businesses, Part 1: Make it Harder

This is the first of six posts on Cybersecurity for small businesses. Click here for the Introduction and links to the others. Make it Harder Make the attacker’s job harder, starting with passwords. Strengthen your passwords The goal here is… (read more)

Cybersecurity Presentation for Small Businesses: Introduction

This series of posts started as an outline for a short presentation on Cybersecurity for small businesses that I would eventually give multiple times over a couple of years in the northeast Ohio area. At the time, I was advised… (read more)