Security Tool Procurement: 3 Keys To Success

Posted by Eric Noonan on Mar 7, 2016 12:47:21 PM

Security products, or tools, are an important part of the three-legged stool of people, processes, and technology. My experience has been that the technology portion of the equation gets most of the attention and a large share of the budget. There are many reasons for this, not the least of which is product vendors spending significant money marketing their tools as solutions to the CISO's problems.

Despite all of the money that swirls around tool procurement, success is elusive. Discarded Data Loss Prevention (DLP) investments, over-budget identity and access management projects, and underutilized Security Information and Event Management (SIEM) platforms are common outcomes when the focus is exclusively on the technology without consideration of people and processes.



Topics: Security Program Development, Security Tool Procurement

How Two Multiplayer Games can Make Your Security Program Stronger

Posted by Ross Moir on Mar 4, 2016 9:03:54 AM

Do a search for video games and information security and you will find countless comparisons of how these two seemingly disparate fields go hand-in-hand. I really like this article from last summer, as it examined not just video games, but organized sports and their influence on information security experts. In today’s world, video gaming is a billion-dollar industry: there are professional video gamers, amateur video gamers who record their reviews, critiques and tips and put them on YouTube, and then there are the professionals (like me) who unwind from their day by playing a few rounds of Turning Point in Star Wars Battlefront.

While video games may heavily influence the world we live in, there are two specific video games that I think will help make your security program stronger.  I will now explore how these can relate to your organization.



Topics: Security Program Development, Security Assessment, Information Security

Need Your Security Budget Approved? Two Components to Increase Success

Posted by Mark Walsh on Feb 17, 2016 11:39:18 AM

In the years before business leaders truly understood cyber risk, requested budgets for cyber security departments were often approved without thoughtful consideration or review. There was a day when CISOs could basically say to a CIO, “I can’t tell you how much safer this will make us, and I can’t say we absolutely won’t have a data breach, but I need 3.5 million dollars.” Most of those inflated numbers were driven by the desire to buy the latest security tools that vendors promised would solve all security problems. The funds were to be spent, generally, on products and the staff to support them.

CISOs can no longer expect to have large annual budgets approved without tangible, quantified data to back up the necessity. The days have passed when budgets were built on fear, uncertainty, and doubt (FUD), empire building, or opportunities to buy the trending tools. Security funding needs to produce measurable results, or at a minimum, be supported by credible metrics that validate the business needs.


Topics: Business, Security, Security Program Development

Security Means Managing What You Already Own First

Posted by Eric Noonan on Dec 11, 2014 8:35:00 PM

A trend that I have picked up on in conversations with CIOs, CISOs and other leaders responsible for securing the enterprise is the huge gap between what they need and what many vendors are marketing. Security leaders in the trenches need solutions to optimize and integrate existing tool investments, manage security capabilities in a coordinated way, and a means for engaging in business conversations about the security they deliver. Vendors seem focused on marketing the future and selling more capability into already resource-strapped security teams that can’t even effectively use the tools they already own due to an underinvestment in people and process.


Topics: Security Leadership, Security Program Development

How CyberSheath Adds Value...

Posted by Eric Noonan on Feb 28, 2013 8:20:00 PM



Topics: Roadshows, CyberArk, Business, eGRC, Automation, Security Leadership, RSA Archer, Security Program Development, Security Assessment

Big Data & The Dentist

Posted by Eric Noonan on Feb 26, 2013 8:23:00 PM



Topics: Roadshows, Business, eGRC, Security Leadership, Privileged Accounts, RSA Archer, Security Program Development, Security Assessment