May 14, 2012

The video from my Source Boston session, No Victims: How to Measure & Communicate Risk, is available here. It’s difficult to see the slides, but hopefully you can follow along. Thank you again to the Source Boston organizers and volunteers for making the video available.


May 10, 2012

An application security design review can provide an organization with the information they need to assess potential threats to applications as well as what it’ll take to remediate and minimize the risk surrounding inadequate security. Like any security assessment or...

May 4, 2012

There are so many angles to an information security program it’s not going to be covered in one small, potentially ranting, blog post. But I’m going to jump off target before I even get on target. We see programs and policies that appear to have been written by a pri...

May 2, 2012

One of the more fun parts of designing your own software is watching it evolve as you get smarter. Explicit feedback says one thing, observing people says another, software gets used, ignored, or used in ways you never intended. With this background, we have enough evi...
