I tend to operate in accordance with the four principles of Cigital's recent Agile Security Manifesto. (NOTE: I cannot state whether I've employed Cigital professionally but I have had interaction with them in my career.) These principles align with security governance, education and scaling throughout an organization versus roles in security domains taking on…
Category: Advocacy
Standardize Your Security In An Agile Culture
Thoughts on Information Security and Risk Management in an Agile Culture. Narrated slide deck from a presentation given at the Chattanooga chapter of ISSA. In keeping with the Ides of March timing of the presentation, I chose to model my analogy to include references to Julius Caesar and Mark Antony.
Brother Can You Spare a Protocol?
If you haven't yet heard of the SSLv3 protocol exploit then where have you been and how can you sleep at night? Surely someone ran past you yesterday (Tuesday 10/14/14) with his hair on fire, screaming about graceful degradation of protocols. You can read about the POODLE exploit process any number of places…
BSides Nashville – Scaling Security to the Enterprise
Scaling Security to the Enterprise – from BSides Nashville (May 17, 2014): http://www.youtube.com/watch?v=QqV_a_5tZCI (Source: https://www.youtube.com/)