by alex on February 26, 2012

So it’s early Sunday AM, and I’m getting my RSA Schedule together finally. So here’s what I’m looking forward to this week; leave us stuff in the comments if you’ve identified other cool stuff:

Monday: 8 freaking AM – (…)


Threat Modeling Fails In Practice

by alex on February 2, 2012

Would be interested in readers’ thoughts on Ian G’s post here: https://financialcryptography.com/mt/archives/001357.html

Please Participate: Survey on Metrics

by alex on January 16, 2012

I got an email from my friend John Johnson who is doing a survey about metrics. If you have some time, please respond…

I am seeking feedback from others who may have experience developing and presenting security metrics to (…)


How to Send Adam into Hysterics

by alex on January 10, 2012

Via Nathan Yau’s awesome Flowing Data blog.

Discussing Norm Marks’ GRC Wishlist for 2012

by alex on December 21, 2011

Norm Marks of the famous Marks On Governance blog has posted his 2012 wishlist. His blog limits the characters you can leave in a reply, so I thought I’d post mine here.

1. Norm Wishes for “A globally-accepted organizational governance (…)


Particularly NewSchool Job Posting

by alex on December 8, 2011

From Keith Weinbaum, Director of Information Security of Quicken Loans Inc.: https://www.quickenloanscareers.com/web/ApplyNow.aspx?ReqID=53545

From the job posting: WARNING: If you believe in implementing security only for the sake of security or only for the sake of checking a box, then this (…)


Cheezy Lines by a BioStatistician

by alex on December 6, 2011

From Biostatistics Ryan Gosling, including my favorite:

Thanks to my friend Bob Rudis for the heads-up.

The One Where David Lacey’s Article On Risk Makes Us All Stupider

by alex on November 25, 2011

In possibly the worst article on risk assessment I’ve seen in a while, David Lacey of Computerworld gives us the “Six Myths Of Risk Assessment.” This article is so patently bad, so heinously wrong, that it stuck in my craw (…)


Some Thoughts on Binary Risk Assessment

by alex on October 20, 2011

Ben Sapiro showed off his Binary Risk Assessment (BRA) at SecTor recently. While I didn’t see the presentation, I’ve taken some time and reviewed the slides and read through the documentation. I thought I’d quickly give my thoughts on this: (…)



by alex on August 16, 2011

I’ve left Verizon.  A lot of folks have come up to me and asked, so I thought I’d indulge in a rather self-important blog-post and explain something: It wasn’t about Verizon, but about the opportunity I’ve taken. Wade, Chris, Hylender, (…)
