Leveraging Security Policy Orchestration to “Bake Security in” to SDDC Environments

By David Monahan on Jan 27, 2015 9:50:24 AM

I have a new guest blog just posted at for Tufin around Security Policy Orchestration.  You can check it out here.

Continue Reading

Breach Detection, Sony Entertainment and Vectra Networks…

By David Monahan on Dec 19, 2014 1:25:56 PM

Working in information security for the past 20 years, I have seen a lot. Though there have been many multi-million dollar impact breaches, the recent Sony Pictures hack and subsequent data exposure and extortion is probably the most impactful to a company out of the previous breaches this year.

Continue Reading

Allgress Insight Risk Management Suite Brings Flexibility and Functionality to IT-GRC

By David Monahan on Dec 19, 2014 1:04:02 PM

When I started out in security, only very large organizations with a mature set of business processes dared to talk about implementing some form of governance, risk, and compliance (GRC) or enterprise program (e-GRC). They generally did it in an attempt to get ISO or similar certification, or to “move their programs to the next level,” and some, I think, attempted it just to prove they did it. Many of those efforts were monumental, costing millions of dollars and taking years to complete. However, a significant number seemed to end in compromise, yielding a smaller end result or totally failing after thousands of man hours and millions of dollars for software, systems, and consulting had been spent.

Continue Reading

Is EMV an Expensive Security Misstep for the Payments Industry?

By David Monahan on Dec 8, 2014 10:04:28 AM

There is no disagreement that the current mag-stripe technology used in the USA and other countries outside of the EU is antiquated and lends itself to fraud. The data is easily copied using various methods from manual card data copying and shoulder surfing, to database compromise and POS terminal malware.  Cards can be reproduced with off-the-shelf plastic blanks and a simple machine you can buy on the Internet.

Continue Reading

Damballa and Bit9 + Carbon Black Collaborate to Deliver Better Security with More Context

By David Monahan on Oct 28, 2014 1:54:17 PM

 

Continue Reading

Thoughts on Splunk .conf 2014

By David Monahan on Oct 24, 2014 10:43:42 AM

This week, Las Vegas hosted some 3500 people at the MGM Grand to mark Splunk .conf14, the annual user gathering for Splunk customers, referred to as “Splunkers”. For those of you not in the tech industry, spelunking, or the act of exploring caves, may come to mind. The theme of the conference was not cave exploration, but data exploration; however, the analogy of cave exploration actually aligns very well. “Splunkers” are diving into their data, delving deep into places that many have never explored before. Each of them finding new and cool ways to use the data that they have been collecting for years, just-in-case they ever needed it.

Continue Reading

Gaining Data Control with BYOD and Bluebox

By David Monahan on Apr 22, 2014 10:51:06 AM

What’s the issue with BYOD? Data Control… What’s the issue with Data Sharing? Data Control!

Continue Reading

Security Awareness Programs Are Not just For Compliance

By David Monahan on Jan 16, 2014 8:35:20 PM

I see a significant gap in not only how the need for Security Awareness training is perceived as needed but also in the general quality of the programs and training delivered vs other types of training.  In many cases small companies avoid security awareness training due to ignorance, cost fears, or fears it will stifle their culture of creativity.  This research project is structured to give CIO’s, CISO’s, and other security and IT managers the data to motivate them to provide in security awareness training programs thereby bringing about change in their organizations.

Continue Reading

Graph Databases–and Their Potential to Transform How We Capture Interdependencies

By Dennis Drogseth on Nov 18, 2013 2:10:15 PM

Discovering, capturing and making sense of complex interdependencies is central to running IT organizations more effectively, and it is also a critical part of running the businesses IT serves. Whether it’s optimizing a network, or an application infrastructure, managing change, or providing more effective security-related access—more often than not these problems involve a complex set [...]

Continue Reading

    Lists by Topic

    see all

    Posts by Topic

    see all

    Recent Posts