Let’s not waste time. Yes, accountability in cybersecurity is broken. Badly. In fact, it’s been broken for a long time. We talk a big game in this industry about “responsibility” and “doing the right thing,” but when something goes wrong–when someone gets hurt, when data is stolen, when systems fail–who’s actually held accountable? Rarely the people who should. And that’s the problem. Responsibility ≠ Accountability…
Some nights I sit back, sip my coffee (or whatever’s strong enough to keep me from flipping tables), and let the question roll around in my head like it owns the place: Does any of this actually matter? I’ve been in this game long enough to know how the sausage is made. Security programs built on duct tape and prayers. Execs who think “acceptable risk”…
We’ve got a serious problem in this industry. Not the kind that shows up on a risk register or a compliance checklist. I’m talking about the complete lack of real accountability when information security fails. The Same Old Story Massive breach? No worries. Slap together a PR statement filled with buzzwords (“sophisticated threat actor,” “zero-day vulnerability,” “we take your security seriously”), toss a CISO under…
Bullshit. We’re swimming in it. It’s everywhere—on TV, in boardrooms, on social media, in politics, in the security industry (oh, especially here), and even in everyday conversations. It’s so pervasive that most people don’t even notice it anymore. But here’s the thing: bullshit matters. And not in a good way. Bullshit isn’t just harmless fluff. It’s the grease that makes lies slip by unnoticed. It’s…
You’ve probably heard me say this many times: Information security is NOT about information or security as much as it is about PEOPLE. When I say this, people usually nod their head in agreement, but beyond that it might seem like nothing more than a catchphrase. It’s not. Pithy catchphrases are mostly useless. This quote is a deep personal truth, rooted in a story….
I’ll cut to the chase. The best leadership advice I ever received came from my father in these twelve simple words: “If I have to tell you to do something, it’s too late.” These words have had a tremendous impact on my life as a leader (at work and at home). Impact is better understood in context, so let me lay this out real…
A news article caught my eye this morning while getting ready for this episode of the UNSECURITY Podcast. US Strategic Command Twitter account accessed by child: report Link: https://www.foxnews.com/us/us-strategic-command-twitter-account-accessed-by-small-child-report My first thought was “oh, that’s funny and sorta cute.” Then I thought some more. It seems innocent(ish) to walk away from your computer while you’re at home. What could happen? Well, this could happen, but…
Spring has sprung! The first day of Spring was Saturday, March 20th. If you’re from Minnesota like Brad and I are, you’re happy about this. Speaking of Brad, he’s back this week! Let’s get right to it, show notes for episode 124 of the UNSECURITY Podcast… SHOW NOTES – Episode 124 – Tuesday March 23rd, 2021 Opening [Evan] Welcome listeners! Thanks for tuning into this…
Happy St. Patrick’s Day! For those of you who aren’t into this holiday (for whatever reason), Happy (everyday) Day! This has been a week full of great experiences and awesome conversations with wonderful people. It’s the people we serve who inspire us to work as hard as we do. Here’s a small sampling: Daytona Bike Week (last week) – if you’ve never been to a…
Only 46 more days. It’s almost time to start the FRSecure CISSP Mentor Program! As of yesterday (2/23/21), we have more than 3,500 registered students for the 2021 class. That’s awesome! (and a little nuts) For context, we started the program in 2010 with six students. At the time, FRSecure was a teeny startup (3 employees), but our size didn’t matter. We started with a…