Did you listen to my appearance on the Down the Rabbithole Security Newscast for April 7?

What started as a guest spot to share some insights on the Target breach has turned into a regular appearance on the Down the Rabbithole (DtR) Security Newscast with Raf Los (@Wh1t3Rabbit) and James Jardine (@JardineSoftware). We record the DtR Newscast every other Monday to engage in spirited discussion about security topics in the news. It marks a long-overdue return to podcasting for me. As a participant, I'm drawn to the combination of our energy and the ease with which we explore different perspectives. More bluntly, we don't always run with the herd, and we're happy to share. For me, that keeps it interesting. I think it will for you, too. We don't always agree, but we're agreeable, and tackling tough issues in enterprise security with an eye toward how our … [Read more...]

Effective Communication and the Value of Cloud Security (Presentation)

Perplexed by the challenge of cloud security, let alone how to use effective communication to demonstrate the business value of taking an approach that secures information? The rapid growth and adoption of cloud computing leads to sometimes confusing situations where security remains an afterthought. At a time when everyone is expected to do more with less, the difference between success and failure hinges on effective communication. In fact, many people now realize the ability to communicate the value of security, and of their efforts, is the difference between career success and failure. I recently considered how to cut through the confusion surrounding "cloud security" to use effective communication to demonstrate the business value of our efforts and shared … [Read more...]

The Human Paradox Gap – Security Awareness Roundtable [Audio Download]

A common concern voiced in the industry is that people simply do not, and sometimes cannot, understand why they are asked to take actions for the sake of security. However, the challenge lies less with the individuals themselves than it does with a paradox introduced in Into the Breach and expanded into an applied model [click here to learn more]. The current accepted approaches to security awareness mask the real challenge. Without understanding and addressing the Human Paradox Gap (HPG), so-called awareness efforts are more likely to increase risk instead of decreasing it. In this security awareness roundtable, Steve Ellis and Chris Carpinello join me to explain and explore the real challenge underlying security and security awareness: the "human paradox … [Read more...]

Defining Security Awareness – Security Awareness Roundtable [Audio Download]

The first episode of the Security Awareness Roundtable addressed the importance of defining security awareness the right way. The audio of the roundtable is now available for download and enjoyment. Joined by Justin Bovee and Steve Ellis, we presented the definition of security awareness, explored how it sets the stage for success and offered insights into using the definition to build an effective program. We also talked about how this definition makes it possible to turn what is often considered a cost into an investment -- while satisfying compliance issues and a sometimes sour attitude toward "security awareness." We covered a lot of ground in a short period. Note: this was hosted on the now defunct focus.com. The audio recording is still available … [Read more...]

Into the Breach – Audio Series – Chapter 12 (Final Thoughts: Courage to Act)

Welcome to the continuation of the Into the Breach: Protect Your Business by Managing People, Information and Risk audio series. This series is the full and unabridged audio version of Into the Breach, written by Michael Santarcangelo and read by the author. In this episode (Chapter 12): This chapter addresses the challenge of leading and influencing change by focusing on first changing yourself. The concepts introduced and explained in Into the Breach – the Strategy to Protect Information, The Catalyst Method™ (recently updated) and others – produce rapid and lasting results for those who embrace them and implement them in their organizations. Michael shares two basic analogies to consider while summoning the courage to break from tradition and take … [Read more...]