Just got to the hotel in Aberdeen. Getting into the groove, and I felt compelled to share an update with you all. Compelled mainly because I haven’t been able to write here nearly as much as I had intended. It’s not unusual for me to bite off a little (or a lot) more than I can chew.
No matter. It is what it is. If I could learn to say no more often, I’d probably be healthier.
Current (or Recent) Things
Here’s some of things going on in this guy’s work life:
- Running FRSecure, sort of. I’m the CEO here, but I’m not the person who get’s things done. I say “sort of” because I’ve been blessed with an INCREDIBLE leadership team who truly runs the best company in our industry. I love what they’re doing and they’re breaking records every month.
- Running SecurityStudio, sort of. I’m the CEO here too. Like FRSecure, I’m not the person who get’s things done. I’m a little more involved with SecurityStudio because it’s such a young company. Awesome, awesome, awesome leaders here and it’s so much fun to watch this company grow. VENDEFENSE is attracting new customers every week, and there is some really exciting news coming soon!
- The UNSECURITY: Information Security for Normal People book is behind schedule right now, so I need to focus more attention on completing the draft/manuscript. This will take up most of my time for the next few weeks or so. I’m really excited about this book, mostly because of the audience it’s intended for and the plain-Englishness of it all. I’m hoping it will resonate with “normal” people and help them better, more secure lives.
- The So You Want to Get into Security? series of articles is complete, and I’ve compiled the articles into a simple free eBook. I’d never published an eBook to iTunes before, and it was a fun exercise to learn. I’ll plan on making more, and better quality eBooks available in the future. Check out this one, if you don’t mine, and let me know what you think.
- The UNSECURITY Podcast is going well, but it’s a struggle to do a weekly one hour show sometimes. Feeling like we’re dragging @55 a little bit, but we’ll get back into the groove. My show notes have been a couple days late the last two weeks (vacation and work travel), but that should get back on track soon. We’ve done 19 consecutive weekly shows so far and we’ve learned a lot, but we’ve still got a ways to go before it really feels dialed in. Please be patient with us (me and Brad Nigh). We’re committed to creating a really good show and we’ll keep at it.
- I’ve written a few more articles lately for other publications. Some are better than others:
- Simplify Your Information Security And Privacy Frameworks, written for Forbes.
- How to Enhance Information Security Efforts – The “Assumed Breach” Approach to TPISRM, written for Corporate Compliance Insights (CCI)
- No Easy Button Solution To Cybersecurity’s Skills Shortage, written for Cyber Security Intelligence
- I’m coming up on my one-year anniversary as the vCISO for a large, global company. I’m actually the vCISO for only one region, the Americas region that includes Canada, United States, and Mexico. It’s a 40-50 hour/month commitment, but it would be a lot more if there weren’t some awesome people there running the day-to-day operations. Great experience with really good people all around.
- Was at the RSA Conference a couple weeks ago. I had no agenda but to see a friend of mine give his talk and to have lunch with him. Flew in late Thursday night, did what I was there to do, then left Friday afternoon. My friend is Roger Grimes, and he delivered a really good, and very well-attended talk titled 12 Ways to Hack 2FA. Afterwards, we visited (not nearly long enough) for lunch. Roger has an amazing security mind and he’s got impeccable character. We think A LOT alike.
- The first gathering/meeting of the Cloud Security Alliance Minnesota Chapter (CSA MN) Executive Advisory Board met on March 14th, but I was on vacation. Sucked to miss the first meeting, but vacation was scheduled many months ago. I’m excited to help CSA MN make a real impact. Lots of great people involved!
- Trying to stay up with Twitter and LinkedIn feeds. I’m thinking that I sort of suck at social mediaing.
I think that covers most of it.
What’s Coming – Future Things
- Travelling to Aberdeen, South Dakota this week to work with a new client and figure out how we can secure the Ag industry better. We have a lot of work to do in the ag industry!
- The UNSECURITY Podcast episode 20, live from Aberdeen with Shawn Pollard.
- Sometime this week, I’m going to start a new hashtag #100DaysOfSecurityTruth. Each day, for 100 days, I will tweet a new truth. Hoping for some interaction, ideas, suggestions, etc.
- New article for Cyber Security Intelligence about Identity Management. Tim Heath is the CEO over there, and he’s a good dude.
- New article for here (or somewhere) about the bad things about RSA.
- Planning the next Security Summit for my vCISO client. These are always fun. People from all over the region come to meet, learn, teach, and have fun together. The last Security Summit was one full day of incident management training and a second day about identity and access management.
- The next Hacks and Hops event is this week. We didn’t pick the most enthralling topic (third-party security risk management), but it is a critical one. There will be good opportunities to network and learn what work (and what doesn’t). Come if you can.
- Speaking of third-party security risk management, there’s another eBook being planned. The book will be a soup to nuts/zero to hero book; practical advice from starting from scratch —> the best friggin’ program ever, and everything in between. Thinking a few months or so, but it’s on the docket.
- Lots of writing for the next book. I’m already behind a bit, so it’s time to get real on this thing! This is actually the number one priority right now.
- More collaboration with security people I admire. I’d like to collaborate more with Chris Roberts and Roger. I already said a few great things about Roger, but Chris is pretty damn awesome too. More allies = more progress.
I’m sure something else will pop up, but that’s all I can think of right now. If you ask me to do something else, don’t be offended if I graciously decline (for now).
NOTE: The Writing UNSECURITY series of articles – I still intend to finish writing this series, but for now it’s on hold. There are too many other pressing things (the Information Security for Normal People book, other articles, business commitments, speaking engagements, podcasting, and oh yeah… family!) that need focus too. Comes down to priorities, as it should, and this series must take a back seat for now.