It’s that time of year again, we are building up the conference season. A time where we look left-and-right across the security challenges that organisations are facing. Around this time last year, I gave my view of the EMEA CISO Landscape and given all that has happened in our industry over the past 12 months, I wanted to provide …
Continue reading Top Ten CISO Challenges: What to Watch in EMEA
Automation and commoditisation aren’t the exclusive reserve of nation state exploits being released. Stress testing tools for DDoS, malware-as-a-service and dark-web selling of user credentials and payment cards shows that information and tools are available at a price point appealing for the masses. I remember a keynote I gave at a conference in Dublin, Ireland. …
Controls fail. Interestingly, a technical control can expose a process or people vulnerability. If you work in the information security space, you no doubt remember the 2014 data breach at US retailer, Target. The impact saw Target pay an $18.5 million, multistate settlement for the loss of payment card details associated with 41 million customers …
Continue reading Controls will fail – not there as a failsafe
There’s a lot of confusing rhetoric around GDPR (General Data Protection Regulation). I’d like to help clear up some of it. I’m not a GDPR expert; however, I am a CISO with pretty deep experience in the implementation of risk management and information security programs. I lead my own organization’s GDPR readiness activities, and I’ve studied, and passed, …
Continue reading CISOs: What you can control – and what you can’t – in GDPR
Cybersecurity Matters 