Email, email, in the cloud
The transition from on-premises to cloud-based email is an opportunity to tighten security controls.
By Mathias Thurman | 08 May | Read more
Stories by By Mathias Thurman
RSA Conference is a timesaver
For our manager, the annual security gathering is a great way to get quality time with vendors.
By Mathias Thurman | 27 Feb | Read more
Getting buy-in to combat risk
A risk council with stakeholders from across the company could be an effective way to get needed resources to mitigate the worst security risks.
By Mathias Thurman | 13 Feb | Read more
The trouble with third-party assessments
If you let one customer perform security tests against your applications and network, you let yourself in for a lot of headaches.
By Mathias Thurman | 05 Jan | Read more
Putting security risks on simmer with Chef
A bit of automation can ease the PCI compliance burden.
By Mathias Thurman | 06 Dec | Read more
Just a test? If only!
The DDoS attack against DNS provider Dyn finds our manager without a backup plan. That’s painful, especially when the plan had been to test incident response soon.
By Mathias Thurman | 01 Nov | Read more
A nudge from ransomware
Our manager needs to get remote users’ PCs backed up without forcing them to connect to the network, which they rarely have to do these days to do their jobs.
By Mathias Thurman | 05 Oct | Read more
Trouble spotted on the network
No sophisticated SOC? You can still be pretty sure that you’re aware of anything potentially troublesome.
By Mathias Thurman | 12 Sep | Read more
SaaS risks come into focus
Sometimes, security risks are hiding in plain sight.
By Mathias Thurman | 02 Aug | Read more
Using compliance as a tool for change
Our manager leverages gaps in security compliance to enhance the security program.
By Mathias Thurman | 20 Jul | Read more
Let the budget games begin!
Even when top management is enlightened about the importance of good security practices, a security manager needs to go into the budget meeting prepared.
By Mathias Thurman | 09 Jun | Read more
The post-acquisition blues
The company calls in our manager to take a look around at a small software company it’s acquiring — after the deal has been signed.
By Mathias Thurman | 28 Apr | Read more
Stop Passing Around Those Passwords!
The company has sanctioned the use of an online password vault, so why is there a spreadsheet making the rounds that contains scores of passwords to servers that contain sensitive data?
By Mathias Thurman | 30 Mar | Read more
In pursuit of HIPAA, a new compliance gap arises
Meeting requirements can be exhausting, but the business payoff can make it all worthwhile.
By Mathias Thurman | 09 Mar | Read more
A checklist for SaaS vendors
Our manager’s company uses a lot of third-party vendors, and some of these relationships have been in place for years. What will happen when he goes back to assess their security risks?
By Mathias Thurman | 02 Feb | Read more