When I first stepped into the CISO role, I had the tremendous benefit of receiving help and advice from a number of seasoned CISOs and CSOs. Having now filled roles for several years, there are a number of things (in no particular order) learned from my experience that I would like to pass along to others. Teamwork is crucial. Building rapport and working relationships, both internally and externally, are very important. You…

How do you define or measure the state of security within your organization? This is the age-old question that business leaders and information security professionals have been struggling with for some time. The many factors that determine one’s security posture can differ widely between organizations. There is no “one size fits all” that works for everyone. Over the years, various security frameworks have been developed to assist with establishing a healthy…

Similar in some ways to a network firewall, a web application firewall (WAF) is a device (or in some cases a service) purpose-built to protect web applications. Instead of filtering requests at the network level with rules based on IP addresses and network protocols, WAFs understand HTTP requests and responses at the application layer. WAF rules are crafted to identify anomalous HTTP requests and take action accordingly. While very powerful and useful,…