Closing the IT Security and IT Operations (SecOps) Gap


IT security and compliance are at the top of everyone's agenda right now, and for good reason. The news over the past year seemed to be all about companies being breached in every industry. These are hardly new problems, and any responsible company has been investing in IT security and compliance for a long time. The problem is that the … [Read more...]

The SecOps Gap in action


I had no sooner posted about how Heartbleed is somehow still a problem than there was yet another new vulnerability out there. Reassuringly, the new disclosure from our good friends at Qualys reinforces my point. My post explored why Heartbleed is still a problem more than nine months after it was first disclosed, and I blamed the SecOps Gap. While … [Read more...]

Heartbleed and the SecOps gap

The SecOps gap

Why 2015 won't be like 2014—oh, wait As we all know, 2014 was a banner year for security breaches. I won't even list the victims, not least because that would make for a very long, boring blog post. Instead, let's talk about how we can make 2015 the year we fix IT security. This is, of course, against my own best interests. Anyone who built a … [Read more...]

Sony Proves Times Have Changed for Security Professionals

Cyber attacks can be devastating to a business

It used to be the case that when you thought of Sony, you thought of movies, entertainment and high end electronics. No longer. If you’re in IT, or if you are a business executive, Sony will probably bring to mind security problems, which shows that the challenges of maintaining cyber security are now part of the mainstream public … [Read more...]

Security Automation And The SecOps Crisis


This last week brought major changes in the business cost of  poorly automated IT security. A US federal judge ruled that banks can sue Target to recover damages because poor security played a “key role” in allowing its systems to be compromised. Banks now have the ability to go after merchants that have been hacked. From here it is a short step … [Read more...]

The state of IT security in 2014


This week I have been taking the temperature of the Gartner Security and Risk Management Summit in London. Security is a very hot topic right now, with a constant drumbeat of news about security breaches. I already wrote about Community health Systems, and now Home Depot are in the news, with some claiming that the consequences could be even more … [Read more...]