Category: Security, Identity, & Compliance

When meeting with security, risk, and compliance executives who have yet to start their cloud transformation or who already have multiple cloud workloads in AWS, I am often asked a version of the following question: “While we agree that the cloud is the new normal, it is different than running security on premise in the […]

In an earlier blog post, I discussed the importance of building a culture of security rather than thinking of security as just the job of the CISO’s team. In this post, I’d like to discuss some ideas on how to build such a culture, drawing on my experiences at USCIS. As CIO, I was the […]

It is no longer sufficient to leave security to a team of specialists who watch over the enterprise’s risk posture and control it through a set of constraining policies. It is not enough to guard the boundaries of the enterprise’s network with firewalls, or to simply implement sets of controls specified in a compliance framework. […]

“It takes 20 years to build a reputation and five minutes to ruin it.” — Warren Buffett I’ve supported compliance and security requirements throughout my technology career. In some cases, these requirements were extremely burdensome — for example, when my team was preparing for a Department of Defense audit, which consumed more than 50% of our time for months […]

“Too many people are thinking of security instead of opportunity. They seem to be more afraid of life than death.” – James F. Bymes Security is a broad topic, and applies in some way to everything that happens in IT. In all of my time working in technology, I’ve found it to be the one […]