We all know about Shadow IT, and we know it is a big issue (bigger these days with the ease of workload deployment in the cloud). But are we also aware that there is Shadow Security? What is Shadow Security, and is it a problem? Here's my take on today's #CyberSunday.

#shadowit #shadowsecurity #cloud #cloudsecurity #workloads #risk #cybersecurity 

Knowing your audience when you're giving information about your #cybersecurity program, efforts, etc. is extremely important. Are they technical? Are they even in the field? Is the information helpful to YOU or to THEM?  Make sure you're not wasting their time or yours by taking into consideration to whom you are speaking before you actually speak.

On today's #CyberSunday, I talk about three real scenarios in which I have been involved where the audience was not fully taken into consideration, and a bit of the fallout each time.

#KnowYourAudience

Operational/Operations Security is the practice of making sure sensitive data/information about your operations doesn't leak out. in today's #CyberSunday, I give a few real examples of OpSec failure I have noticed recently and what some of the consequences could be.

#OpSec #cybersecurity

A friend of mine recently experienced a #breach in his organization. There were two lessons that stood out to me as he was going through the post-mortem, and I'm sharing them on today's #cybersunday.

#Cybersecurity #lifelessons 

It's flooding a bit in Houston, and that made me... of course... think of #cybersecurity. On today's #CyberSunday, I am talking about making sure you pay attention to the small things in your program, so that they don't turn into bigger things.

Credential stuffing is an often-used attack. But for the love of all that is holy, your master password in your password manager should not be susceptible to this!!! Today, I talk about what credential stuffing is, what password manager has been hit by it recently, and generally get grumpy about the whole thing.

#CyberSunday #credentialstuffing #bigmistake #cybersecurity

The CI/CD OWASP Top 10 came out last month (not sure how I missed that!). What does that mean? Well, that depends on what you're responsible for in the CI/CD pipeline! Here are some thoughts form me on the topic on today's #CyberSunday.

#cicd #cicdpipelines #owasp #owasptop10 #development #appsec

The holidays should be a time to celebrate food, friends, and family (and football). Maybe this is also a good time to measure the effectiveness of your #managedsecurity provider.

#mdr #securitymetrics #Thanksgiving #cybersecurity #CyberSunday

How you set priorities around building a #cybersecurity program differs based on your perspective. On today's #cybersunday, I talk about how the perspective of the advisor must be tempered by the perspective of the practitioner working day-to-day in the trenches.

#prioritization #perspective

I was quoted in an article last week about the latest CISA directive on #assetmanagement and #vulnerabilitymanagement (link below). I was the cynical voice in that article, and I wanted to explain a little more on this #CyberSunday about whether these two #cybersecurity #fundamentals should be paired as closely as they are by #CISA.

Link to article: https://securityboulevard.com/2022/10/cisa-directs-federal-agencies-to-boost-system-visibility/