Follow-ups to “A Myth of An Expert Generalist”:
- Is a CISO an expert generalist? has good insight on whether a CISO is such an expert generalist (no, he is not: he is an expert in “security leadership” [well, should be])
- “Thoughts on Security Careers” from Richard explains why in some cases “broader skills” -> “recipe for disaster.”
Follow-ups to “Is Risk Just Too Risky?”
- “Risk-less security” from SecurityBalance has gems like “discussions about decision making (risk based vs. others) is the only thing interesting for me today on the security field” and “if PCI DSS is working, it’s certainly not because of those approaching it with a checklist based mind. It is because it is a quite good prescriptive standard.” Overall, this post exudes awesomeness.
- “Mandating Protection, Society and Seatbelts” uses my favorite analogy - seatbelts (namely, people don’t do it due to unknown risk of death, but do it due to $50 fine). In other words, this is a must-read too.
Misc fun interview with me (it has some fun bits, e.g. the one on the [embarrassing :-)] first job I had…):
Obligatory “added everywhere” posts :-)
- I am not at Qualys anymore and looking for the next big security idea to work on! Meanwhile, I am available for fun consulting projects related to PCI DSS, log management or other fun security things.