Learn how to get engineering teams to listen, make executives care about your recommendations, and build influence that goes beyond compliance theater. For pros who want to drive decisions.
Anecdotes about consulting services gone wrong in the context of enterprise information security. The core issue? Companies that hire consultants misunderstand how to use them.
Presenting developers with vulnerabilities is one of the most common (and frustrating) tasks of any security analyst. Here's a list of the most common excuses developers come up with to avoid fixing vulnerabilities and how I react to them.
Everybody claims their product is secure. Then why are there so many data breaches? Instead of promising the impossible (zero incidents!), companies should showcase their expertise and commitment to integrity.
Tips and tricks on what to expect from a bug bounty program in your organization: how the program will help your security posture, and how to take care of your response team, who will be on the front lines.