Here are the Blogs in the Connecting the Dots
Saturday, 4 August 2018
On July 31, 2018 I attended the first National Cybersecurity Summit at the US Customs House in lower Manhattan. The building itself was constructed around 1902-1907 in order to collect tariffs. Teddy Roosevelt was President and tariffs were a subject of divisive national debate. Global issues were ...Read More...
Posted on 08/04/2018 7:08 AM by Frederick Scholl
Wednesday, 4 July 2018
Two recent privacy laws, GDPR and the California Consumer Privacy Act (AB-375), focus more attention on protecting the digital privacy of individuals. Both laws will require that security professionals up their game. In this post I will cover some of the security implications of AB 375. Gone are the days ...Read More...
Posted on 07/04/2018 12:43 PM by Frederick Scholl
Thursday, 31 May 2018
Yesterday DHS and the Commerce Department released their most recent workforce report “Supporting the Growth and Sustainment of the Nation’s Cybersecurity Workforce”. The report was commissioned by the Trump administration in May 2017. Having studied this issue from roles in academia, private industry ...Read More...
Posted on 05/31/2018 3:17 PM by Frederick Scholl
Wednesday, 9 May 2018
In this digital era, anything can be faked: followers, news, experts, emails and so on. The possibilities are limited only by the imagination of the faker. It turns out that these issues were addressed back in 1996, by Carl Sagan, the world-famous astronomer. His context was UFOs, ...Read More...
Posted on 05/09/2018 12:54 PM by Frederick Scholl
Tuesday, 10 April 2018
Information security over the past few years has been obsessed with zero-day vulnerabilities, hacking exploits and headline-making mega breaches. Every security risk manager is looking for the “unknown unknowns” that could result in untimely unemployment. But is that the right approach? One presentation ...Read More...
Posted on 04/10/2018 11:25 AM by Frederick Scholl
Tuesday, 23 January 2018
The recent government shutdown got me thinking about budgets and information security. Having just submitted a proposal to a small business myself, I am asking the question: What is best practice for small or mid-sized business (SMB) information security?
Every SMB is going to have a limited budget. This ...Read More...
Posted on 01/23/2018 9:57 AM by Fred Scholl
Wednesday, 13 December 2017
If only building a security start-up were as predictable as transitioning from caterpillar to butterfly! But it’s not. Unfortunately, it usually requires many turns and corresponding changes. Consider companies like Blackberry, once a ubiquitous handset provider, now an enterprise security provider. Or ...Read More...
Posted on 12/13/2017 10:27 AM by Fred Scholl
Friday, 1 December 2017
There are many posts on corporate directors’ responsibilities toward the organizations where they are board members. In fact, corporate directors themselves may be targets for hacktivists or cybercriminals and need to make sure they have adequate protection. This protection should include both home ...Read More...
Posted on 12/01/2017 10:02 AM by Fred Scholl
Friday, 10 November 2017
This topic came up because of two recent headlines and one new book. The first was the news that the now former Equifax CISO was a music major, without formal college level tech or security training. The second was the recent article in the WSJ highlighting Bank of America’s new Chief Operations and ...Read More...
Posted on 11/10/2017 8:43 PM by Fred Scholl
Wednesday, 25 October 2017
In this era of digital disruption, business leaders are turning to technology to keep up. But, will they continue to turn to traditional IT leaders to map out the future? This is the question addressed by Mark Schwartz’s new book A Seat at the Table. Mr. Schwartz engagingly analyzes the present and ...Read More...
Posted on 10/25/2017 12:20 PM by Fred Scholl
Friday, 15 September 2017
The Equifax data breach illustrates again the need for speed in security management. If the breach was through a known vulnerability, we wonder why it wasn’t patched. If through another path, we wonder why the attack wasn’t detected. We have so many incident and event management tools for servers, ...Read More...
Posted on 09/15/2017 12:15 PM by Fred Scholl
Friday, 4 August 2017
In recent Information Security news, The Wall Street Journal reported on the upcoming trial of an alleged botnet master. The trial is in progress now.
It is not often that we get a look at the details of a computer security breach, but in this case at least some details are in the docket of the ...Read More...
Posted on 08/04/2017 12:24 PM by Fred Scholl
Tuesday, 11 July 2017
Every year, MIT Technology Review publishes its list of the 50 smartest companies. This year, two information security companies made the list, along with big time players like Amazon, SpaceX, etc. TR doesn’t publish the detailed selection criteria, but they include things like: ability to dominate ...Read More...
Posted on 07/11/2017 10:08 AM by Fred Scholl
Wednesday, 24 May 2017
Play Bigger is a new book by entrepreneurs for entrepreneurs (2016, Harper Business). The authors’ theme is that today’s markets are so crowded that you cannot rely on niche marketing into white spaces; you have to create your own white spaces, or “categories”. The goal is to be a “category king”. The ...Read More...
Posted on 05/24/2017 9:47 AM by Fred Scholl
Wednesday, 17 May 2017
The current worldwide attack from WannaCry is going to have lasting impact for information security. The question is: what will that be and who will benefit? In this blog post I will take a contrarian viewpoint and suggest that it will not be beneficial to security practitioners or security businesses. I ...Read More...
Posted on 05/17/2017 4:03 PM by Fred Scholl
Monday, 8 May 2017
Last night I went to a screening of Laura Poitras’s movie about Julian Assange. If you are interested in national security, I highly recommend the film. I had expected a big crowd, but Nashville’s Belcourt was only about 20% full.
Love WikiLeaks or hate WikiLeaks, it is likely Assange will continue ...Read More...
Posted on 05/08/2017 3:12 PM by Fred Scholl
Wednesday, 12 April 2017
One of the biggest cyber threats that many US companies face is theft of their intellectual property (IP). This includes trade secrets, patents, software and copies of tangible goods. The recently released “Update to the IP Commission Report” gives tangible, current information on all four categories. ...Read More...
Posted on 04/12/2017 4:07 PM by Fred Scholl
Thursday, 6 April 2017
The Tennessee legislature recently passed a modification to the state privacy breach notification requirements, § 47-18-2107. The modification has been sent to the governor for signature. Unfortunately, the modification just confuses the law’s requirements.
The existing code says that a breach ...Read More...
Posted on 04/06/2017 11:20 AM by Fred Scholl
Tuesday, 28 March 2017
If you are like me, you have read through many articles and books on leadership. Most security professionals come with a technical background that does not directly facilitate leading people. But solutions aren’t easy to find, either. Many leadership training programs seem vague to me. What about “soft ...Read More...
Posted on 03/28/2017 1:54 PM by Fred Scholl
Friday, 24 March 2017
On my way into the office this morning, I listened to a podcast interview of a well-known SIEM vendor. I got more and more frustrated at the wheel, but did make it to the office without incident. The focus of this conversation was the plethora of log sources that this vendor could ingest—system, network, ...Read More...
Posted on 03/24/2017 11:43 AM by Fred Scholl