Enterprise Security organizations often find themselves caught between the ever-changing needs of the agile business and the ever-present, ever-evolving threats to that business. At the same time, all too often we security professionals get caught up in “shiny object syndrome,” which leads us to spend poorly, allocate resources unwisely, and generally de-couple from the organization we’re chartered to defend. Knowing how to defend begins with knowing what you’ll be defending, why it is worth defending, and who you’ll be defending from… and therein lies the trick. This blog takes the issue of enterprise security head-on, challenging outdated thinking and bringing a pragmatic, business-aligned, beyond-the-tools perspective … so follow the Wh1t3 Rabbit and remember that tools alone don’t solve problems; strategic thinkers are the key.
Rafal (Principal, Strategic Security Services)
DtR Podcast Episode 26 is with the man many of you love to hate on - but he's doing a phenomenal job ... hear his story as Adobe's Brad Arkin tells you about "Software Security Under Pressure"...
This blog is a guest-post by Olivier Jacques who read my "The Secrets of Incorporating Security into Functional Testing" post and offered up one solution to this very issue, using HP assets and technology. It's an attempt to provide a real-world solution to a big challenge many of us are facing - give it a read!
I just left Dublin, Ireland, and OWASP AppSec Ireland '12 ...and have this little summary for those interested. It was a great conference, short as it was, which filled me with hope for the future and gave me a renewed sense of optimism that maybe, just maybe, security can finally stop being an afterthought.
Episode 21 of Down the Rabbithole is now live!
This time I got the pleasure of sitting down and continuing a Twitter conversation with Nick Galbreath, James Wickett, and Olivier Saudan - to talk about what it means to 'deploy faster' in a fast-paced world of technology.
We're talking DevOps, continuous deployment strategies, Application Security and a sane way to do it all while getting the 'big risk picture' that doesn't only include security and hackers...
Each of these guests has a background in Information Security, each bringing their own tint of enterprise development, deployment, operations and security ... and it sparked a fantastic conversation that I think everyone can learn from. I invite you to give this episode a try, and shoot back some feedback!