To Whom Should the CISO Report

Reporting to Technology It is natural for a CISO to find themselves reporting to the CTO. The technical skills required for a solid understanding of the state of the security of a product are developed by curious minds rising through the ranks of the engineering unit of a business either on the quality or development… Read more »


Is Log4Shell an OT or GRC Problem?

Mandiant Advantage indicates the most commonly exploited vulnerability of the last quarter is still Log4Shell. Veracode reports that 38% of applications are still vulnerable to Log4Shell. Log4Shell remains a persistent problem because enterprise asset and supply chain management are difficult to sustain. This is hard to do well in businesses that deal in servers and… Read more »


Merits and Costs of Blockchain

In recent days Bitcoin has been getting a bad name on account of its grotesque energy consumption (BBC). The problem is that Bitcoin uses “Proof of Work” to secure its ledger. Proof of work motivates nodes in the Bitcoin network to compete to solve a computationally expensive math problem by rewarding them with Bitcoin. A… Read more »


Professional Image and Personal Privacy

I’ve been sitting in my hotel room in Dallas at the ICHI 2015 conference burning the evening hours watching documentaries on Netflix – Rise of the Hackers, Hacker Wars, Terms and Conditions May Apply etc. These documentaries focus on cyber-surveillance, privacy and security. They talk about Edward Snowden, Barrett Brown,  Hector Xavier Monsegur, lulzsec, sabu,… Read more »