August 9, 2018

Growing up, I played football and it was all that mattered to me. I thought I could never enjoy another sport as much as I did the game of football. A friend on my football team in high school invited me out to join the track team to compete in the shot put but I event...

May 18, 2018

Have you heard of the Content Security Policy (CSP) “frame-ancestors” directive? It is a newer alternative to the X-Frame-Options header which offers better control and broad but not universal browser support. First a bit of history.

The directive was originally propose...

February 21, 2018

Every organization that comes to us for penetration testing is driven by different motives. Our clients come from a variety of industries and range from enterprise level organizations down to start-ups that need testing to receive funding. While it would be assume...

July 9, 2015

Several years ago, I had a conversation with an individual who adamantly claimed that jailbreaking and rooting mobile devices actually improved security. His claim rested on the argument that jailbreak and root tools commonly patch the vulnerability used to circumvent...

April 30, 2015

Frequent readers know metrics are a passion of mine. They provide key stories to answer:

  • Should we invest more or less in security?

  • Are we performing to commitments?

  • Which groups are top performers?

Recently SIRA started a project to define metrics based on...

April 10, 2015

Caliber Security Partners is proud to announce the GRC Select suite.

With Compliance Communicator advancing out of beta, we’re positioning the legacy term of Security Process Management to GRC Select. Please visit the GRC Select landing page and let us know what you thin...

September 23, 2014

Recently, I had the opportunity to conduct a HIPAA/HITECH Risk Assessment for a regional healthcare provider. In this project, a HIPAA/HITECH compliance assessment was required prior to the risk assessment work.

After the project kick-off meeting, various meetings were...

September 11, 2014

Often in security we get so caught up in firewall rules, anti-virus alerts, answering audit or compliance surveys and such that we sometimes put the cart before the horse. We focus on implementing the little details without developing or updating our overall strategy....

June 26, 2014

I'm an avid hiker and have been a youth leader in several organizations over the past 20 years or so. In outdoor leadership, a core component of leadership is awareness: awareness of environment, group and self (see "AMC Guide to Outdoor Leadership" by Alex Kosseff). A...

June 6, 2014

As a member of Infragard, a public/private partnership between the FBI and security leadership around the country, I have access to a number of FBI alerts. Many have controlled distribution, but some are completely open. Monday June 2, the FBI issued Flash #32, one of...
