I have a personal, and I think (of course) the ultimate, information security metric: Mean Time Between Horrifying Discovery (MTBHD). While this may be self evident, there are some subtleties in the definition of MTBHD. The basic idea would simply be
I’m finally getting around to publishing this out here, but this is a link to my speaking engagement at this year’s (2013) Secure360 conference: http://secure360.org/schedule/culture-trumps-calculation/ I was pleased with the presentation and feedback received from the attendees. They were generally positive, some humorous, and a few constructive. However, the important part is that I was […]
I will be speaking at this year’s Secure360 conference in St. Paul, MN on what I think is an interesting aspect of information security risk management. I’ll be speaking on May 15th, the second day of the conference. My presentation will explore a little about how people make decisions, from group think to type A […]
After my speaking engagement at the Secure360 conference in St. Paul, MN, I participated in Society of Information Risk Analysts’ podcast. The podcast recently went live and you can find it here: Episode 6: Secure360 interviews SIRA’s podcasts have typically been enjoyable and this one is no different. Now, in spirit of “full disclosure”, my […]
One of the biggest “culture shocks” I had when I started working for the State of Minnesota was around data classification.