Job Opportunity: Secure Mentem

Hey folks! Secure Mentem is hiring! If you have any interest in working in a top-notch org doing security awareness as a service, then this is it! Details below:

Secure Mentem is looking for skilled security awareness practitioners to help serve our growing customer base from the Fortune 500 and beyond. Successful candidates will be expected to implement our patent-pending methodology for creating awareness programs and to provide the required level of support in implementing and maintaining the resulting programs.
You will use our proprietary assessment tools to determine the organizational culture and business drivers, and then, working with our team, design the customized program. Should there be a security awareness manager (SAM) in place, you will work to make that person look brilliant. If there is no SAM, then you will provide the defined level of support to help implement and maintain the program. You may also be called on to help clients with independent awareness efforts such as program design, implementation, internationalization, metrics, phishing program implementation, creating and/or staffing events, social engineering, content development, and other tasks associated with security awareness programs. Experience in multiple organizations and multiple industry sectors is preferred.
Secure Mentem focuses on the human aspects of security. We pride ourselves on providing comprehensive security awareness solutions that are tailored to each client's culture and organization.
To apply, please send your resume, with a cover letter, to Samantha@securementem.com.
Things That Aren't Risk Assessments
In my ongoing battle against the misuse of the term "risk," I wanted to spend a little time here pontificating on various activities that ARE NOT "risk assessments." We all too often hear just about every scan or questionnaire described as a "risk assessment," and yet when you get down to it, they're not.

Continue reading here...

A few highlights of new research...

New Research: Security in a DevOps World
Hot off the presses, new research from Sean Kenefick and me titled "Security in a DevOps World," which is available to Gartner for Tech Professionals subscribers at www.gartner.com/document/2725217.

Continue reading here...

Where I'll Be: Spring/Summer 2014 Events
A quick post... I'll be traveling a bit this Spring and Summer to speak at a number of events. For non-Gartner events, we're actively looking for GTP sales opportunities, so if you've been thinking about getting a subscription to Gartner for Technical Professionals, this could be your chance to meet face-to-face to discuss! :) For Gartner events, I will be available for 1-on-1s, as well as sales support as needed.

Continue reading here...

GBN: Discussing RA Methods with CERT

In follow-up to our paper, "Comparing Methodologies for IT Risk Assessment and Analysis" (GTP subscription required), Erik Heidt and I were given the wonderful opportunity to be guests on the CERT Podcast to discuss the work.

Continue reading here...

Incomplete Thought: The Unbearable "Bear Escape" Analogy
"You don't have to run faster than the bear to get away. You just have to run faster than the guy next to you."
The problem with this analogy is that we're not running from a single bear. It's more like a drone army of bears, which are able to select multiple targets at once (pun intended). As such, there's really no way to escape "the bear" because there's no such thing. And don't get me started on trying to escape the pandas...

Continue reading here...

GBN: Join Us! SRMS has an opening!

We're hiring for the Security & Risk Management Strategies (SRMS) team within Gartner for Technical Professionals. Full details here.

Continue reading here...

RSA 2014 Round-up: From Predictive Analytics to Denied Taco Service
One of the most challenging aspects of attending RSA each year is not just attending, but also recovering from, RSA each year. :) It occurs to me as I finally get this recap post drafted that it's been almost two weeks since I returned and am only now getting a chance to put virtual pen to virtual paper to share my thoughts from the event. So, here goes... :)

Continue reading here...

Fatal Exception Error: The Risk Register
I read this article a few weeks ago and set it aside to revisit. In it, the author states that "Risk management used to be someone else's job." and then later concludes that "...in a global business arena that is increasingly unforgiving when it comes to missteps, the message is clear: Everyone--including you--now has to be a vigilant risk manager." Yes, well, sort of, maybe, kind of... hmmm...

Continue reading here...

GBN: Patch Your Internet Router/Gateway!

Just a friendly FYI: if you're running an Internet router/gateway from Asus or Linksys, please make sure that you've updated the firmware recently! In some ways, this strikes me as another example of attacks on the Internet of Things (IoT). If you've been following IoT attack trends, then you may have read about the possibility that a refrigerator may have been found sending out spam.

Continue reading here...

Creative Commons License
This blog is licensed under a Creative Commons License.