April 27, 2015
With all the breaches and cyberattacks in the news, your executives are probably asking you: "How can we make our application security policy more effective?" According to a recent Gartner report, "Policy is an important form of communication about risk, and the impact on the reader will be maximized if the text is well-crafted in organizational appropriateness and writing style...."
April 22, 2015
RSA is here again. This year our crew is decked out in spiffy monster ties, sweater vests and cardigans. And here I am again, blogging from my cube. As usual, I’m perusing the RSA site looking for interesting things that my fellow non-attendees can look at. And before you ask – no, I couldn’t watch the live streaming of the RSA...
January 27, 2015
If you are like most CISOs who are starting or scaling up application security programs, you will run into the challenges listed in this infographic. When you think about it, all of these challenges are interconnected. The traditional approach of assessing applications with tools requiring security expertise isn’t currently scaling up to assess the volume of applications being...
December 4, 2014
Iain Sutherland, as Managing Director of Information Security Solutions, recruits security executives for large enterprises. He has a front row view of how the role of security executives and the skills that enterprises value for the CISO position have changed over the last few years. When I met Iain a few weeks ago he pointed out that having a list of security certification acronyms...
November 25, 2014
The path of least resistance for cyber-criminals is often to attack well-known vulnerabilities in enterprise-developed web and mobile applications. This infographic shows that large enterprises have thousands of applications to address in order to minimize the risk of a data breach. On average, enterprises spend $1.65 million to test 37% of their applications for security vulnerabilities commonly...
July 25, 2014
Does this resemble your application security program's coverage? We can help. Another day, another web application breach hits the news. This time ITWorld reports "Hackers steal user data from the European Central Bank website, ask for money." I can’t say that I’m surprised. Although vulnerabilities (SQL injection, cross-site scripting, etc.)...
July 8, 2014
This year I’m working with IDG to survey enterprises to understand their application portfolio, how it’s changing and what firms are doing to secure their application infrastructure. The study found that on average enterprises expect to develop over 340 new applications in the 12 months. As someone who has been working in and around the enterprise...
June 24, 2014
The IDG study found that more than sixty percent of internally developed applications are not assessed for critical security vulnerabilities such as SQL injection. Later this week I’ll be joining IDG Market Research Manager Perry Laberis for a webinar to discuss a study on how application infrastructures are changing and how security teams will keep up...
March 28, 2014
Every year the world seems to grow a little more regulated – and punitive. We’re now seeing banks suing retailers and compliance management firms over PCI assessments. And the recent breach in question appears to be related to insufficient controls around third-party suppliers. According to the Verizon PCI Compliance Report, 84% of organizations that suffered a data...
February 27, 2014
So once again, I’m not attending RSA. While my counterparts are working our booth in their new Veracode kicks, and meeting with customers, I’m perusing the RSA conference videos and podcasts for interesting things to read. The Risk and Responsibility in a Hyper-Connected World podcast got my attention – mostly because it promised some...