How to Land a Job in Information Security

This blog post was originally published on In July of 2011, the unemployment rate reported by information security analysts was a striking 0%. Not only were information security analysts reporting steady employment, they even reported an increase of 6,000 jobs between the first and second quarter of the same year. Two and a half years later, the Pentagon […]

Access Management

Access management is one of the more complex areas of information security management. Users and passwords, systems and applications, servers and workstations, wired and wireless networks, physical locations and Internet-facing systems… access management covers all of these elements and more. If you’ve read the article on Policy Management, you’re keenly aware of the importance of information security policies. […]

Security Operations Management

Information security isn’t a destination. It’s a journey. If you’ve read the article on Security Organization Management, you’re already aware of many critical information security controls that every business owner should implement. You’ve probably also come to the understanding that these controls aren’t going to maintain themselves. Someone is going to be tasked with day-to-day information security operations, and that someone will need to […]

Too Many Passwords? Time For a Password Safe.

Ballpark estimate: How many usernames and passwords do you have? If you answered, “Entirely too many!” you’re not alone. Passwords are an ancient technology that we’ve adapted over the centuries and still use today to control access to systems and applications. With the explosion of online services over the past few years, each one maintaining […]

Time to Replace Adobe Reader?

The folks over at FireEye discovered a new 0-day vulnerability in Adobe Reader, a vulnerability that’s already being exploited by attackers. By tricking users into opening a malicious PDF file, attackers could potentially open a connection between the user’s machine and their own. Adobe Reader is everywhere. That’s why it’s such a high profile target […]

Physical Security Management

When it comes to protecting your IT assets, it’s important to understand that the physical security perimeter is as important as your network security perimeter. You need to ensure that the systems hosting your business critical data are secured from remote attacks, but what good are those controls if someone can walk in off the […]

7 Security Apps That Every Windows User Needs to Have

In December of 2011, Microsoft estimated that there were 1.25 billion Windows users worldwide. Billion. With Windows still dominating the desktop operating systems market share, the Internet has become a goldmine for criminals. All those PCs, online 24 hours a day, 365 days a year… Windows users don’t have to go running and screaming to […]

HR Security Management

In the article on Security Organization Management, we discussed the importance of assigning the responsibility of day-to-day information security tasks to a person (or ideally, to a team of people). But how do you know when you’ve found the right person for the job? An important first step is to document your information security job descriptions. In my experience, […]

When Was The Last Time You Googled Yourself?

Come on. Admit it. There’s nothing to be ashamed of. You Google yourself, don’t you? If not, you should. Here’s how: Open a web browser Go to Type in your first name and last name in quotation marks, like this: “Larry Page” Google earned $50 billion in 2012. Any company that pulls down that […]