PSG Blog: Security & Privacy Insights

Sharing educational and insightful content with the security community

How to Answer that Security Questionnaire: Five Tips & Guide

October 14th, 2020 | Categories: Business

Perhaps you’ve received an email with a security questionnaire attached? Did your heart sink when you saw hundreds of rows in a spreadsheet, each populated with a different question regarding the security posture of your organization? Yikes! What do you do with this inquiry? Why are they asking you all these questions? At PSG, [...]

Follow-up: BSides Boston Talk on “So, You Want to be a CISO”

September 30th, 2020 | Categories: Business, Strategy

I want to start with thanking the folks at #bsidesbos2020 for having me present this past Saturday. The organizers did a tremendous job pulling off the 10-year anniversary of BSides in Boston! For folks who either missed it in the Discord channel or missed the talk – here is the link to the [...]

Enough Security, Part III: Harsh Words and a Story

February 17th, 2020 | Categories: Business, Strategy

Enough Security? Harsh Words and a Story. Time to finish up the code walk-through. In our last post, we ended with the concept of “best use of capital”. What I am describing is the concept that the company should be investing its resources (capital) in the places where they reduce the likelihood that [...]

Enough Security, Part II: Change for a Dollar

February 10th, 2020 | Categories: Business

Enough Security: Change for a Dollar. Let’s continue on with our discussion about enough security, and focus on outcome #1 from the if-then decision: We need to spend more. If we look at the decision statement ([customer expected security] – [your security] > 0), what we are saying is that the customer is demanding [...]

Enough Security, Part I: Projecting Your Inner Coder

February 3rd, 2020 | Categories: Business, Strategy

How Much Security is Enough? Projecting Your Inner Coder. Why this topic? As many of you know, I am the co-chair of the Mass Technology Leadership Council CISO group here in Boston, and when we were working on 2020 programming, we solicited our partner CTO group for topics that they would like to [...]

Career Ladders, Part III: Harry, I’ve Reached the Top

January 27th, 2020 | Categories: Business, Strategy

Harry, I've Reached the Top. Welcome to the last installment of the career ladders blog series. Here we go. Physical Security Ladder: Why is this here? It is called convergence. Once upon a time, a decade or so ago, the idea that all security should work for the same person was hatched. It [...]

Career Ladders, Part II: No, I’ve Been Nervous Lots of Times!

January 20th, 2020 | Categories: Business, Strategy

No, I’ve Been Nervous Lots of Times! It’s time to jump in and review each ladder to give folks some additional insight. Let’s start with: General Knowledge Ladder. The purpose of this track is to outline the soft skills that are required for each level. It is meant to be used in conjunction [...]

Career Ladders, Part I: We Don’t Need No Stinking Ladders!

January 13th, 2020 | Categories: Business, Strategy

We Don’t Need No Stinking Ladders! Welcome to part 1 of our 3-part blog series around our recently open-sourced security career ladders. Let’s dive right in. (If you missed the link to our Git repo, you can find it here: https://github.com/product-security-group/Security_Ladders) Why did we do it? To be honest, we did it because [...]
