I’m a big fan of tokenization and end to end encryption (E2E2).  Read More →

We’ve been hearing about the Aurora attacks on Google and a host of other companies since early January.  Read More →

One of the things I don’t believe we see enough of in the security field is independent testing.  Read More →

As a PCI QSA, one of the big technologies I’m looking at this show is end-to-end encryption (E2EE).  Read More →

My friend Alex Hutton and the rest of the RISK Team at Verizon Business have done it again! This time rather than release a report about breaches however, they’ve release the Verizon Incident Sharing Metrics Framework ( VerIS for short ).    All the awesomeness that went into creating the 2009 Verizon Breach Report is being shared with the incident response community so that we can compare apples to apples when it comes to compromises. ... 

Not too long ago I embarked on a creating a podcast series that would provide more regularity than the blog. Beyond the Perimeter has been a tremendous amount of fun and as we just posted our 50th podcast I wanted to reflect on some of the highlights and wonderful guests we have been honored to  Read More →