Skip to main content
img

Assessing Vendor Security Risks (with SimpleRisk)

As a CISO for a large enterprise, many times my first engagement with members of our internal teams was when ...

img

Quickly Customize Your Risk Management Program (using SimpleRisk.com)

When I first released SimpleRisk as a free and open source risk management tool at the BSides Austin conference...

img

How to Use Standards to Assess Your Organization's Cybersecurity Maturity (by SimpleRisk)

On March 29, 2019, Alex Polimeni and I presented at the BSides Austin conference on some of the work we've ...

img

GRC is Dead, Long Live GRC!

Recently, a friend sent me a blog post by John A. Wheeler of Gartner entitled "What Ever Happened to GRC?".  In ...

img

Should Vulnerabilities and Risks be Managed in the Same Place?

While the distinctions between vulnerabilities versus risks has been widely documented in various forums, we ...

img

Pricing Integrity and Why We Won't Play the Pricing Games

Before starting SimpleRisk, I sat in the CISO chair, on the other side of the negotiating table.  I learned the tricks ...

img

Why Management Doesn't Understand Your Security Woes

Has the number of security issues you deal with on a routine basis ever made you feel a bit like Atlas carrying the ...

img

What do Role Playing and Risk Management have in common?

A couple of weeks ago I participated in a CISO Summit with a focus on the topics of Security Visibility and Incident ...

img

How Does an Asset's Value Affect Your Risk?

Any CISSP will tell you that the way to calculate risk is by taking the likelihood and multiplying it by the impact...

KEEP UP WITH THE LATEST
PRODUCT ANNOUNCEMENTS
AND BLOG POSTS

FOLLOW US

CONTACT US