Top Ten CISO Challenges: What to Watch in EMEA

It’s that time of year again: we are building up to the conference season, a time when we look left and right across the security challenges that organisations are facing. Around this time last year I gave my view of the EMEA CISO landscape, and given all that has happened in our industry over the past 12 months, I wanted to provide …

Commoditisation of Tooling

Automation and commoditisation aren’t the exclusive preserve of released nation-state exploits. Stress-testing tools for DDoS, malware-as-a-service and dark-web sales of user credentials and payment cards show that information and tools are available at a price point appealing to the masses. I remember a keynote I gave at a conference in Dublin, Ireland. …

Controls will fail – not there as a failsafe

Controls fail. Interestingly, a technical control can expose a process or people vulnerability. If you work in the information security space, you no doubt remember the 2014 data breach at the US retailer Target. The impact saw Target pay an $18.5 million multistate settlement for the loss of payment card details associated with 41 million customers …

CISOs: What you can control – and what you can’t – in GDPR

There’s a lot of confusing rhetoric around GDPR (General Data Protection Regulation). I’d like to help clear up some of it. I’m not a GDPR expert; however, I am a CISO with pretty deep experience in the implementation of risk management and information security programs. I lead my own organization’s GDPR readiness activities, and I’ve studied, and passed, …