Perhaps you’ve received an email with a security questionnaire attached? Did your heart sink when you saw hundreds of rows in a spreadsheet, each populated with a different question regarding the security posture of your organization? Yikes! What do you do with this inquiry? Why are they asking you all these questions? At PSG, [...]
I want to start with thanking the folks at #bsidesbos2020 for having me present this past Saturday. The organizers did a tremendous job pulling off the 10-year anniversary of BSides in Boston! For folks who either missed it in the discord channel or missed the talk – here is the link to the [...]
Hey all, We are happy to announce we have just completed the much anticipated salary study for the rest of New England ( outside metro-Boston ). Let's go over the highlights: Geography Coverage - This study covers from Portland, ME over to Burlington, VT down to New Britain, CT over to Providence, RI and up [...]
Enough Security? Harsh Words and a Story Time to finish up the code walk-through. In our last post, we ended with the concept of “best use of capital”. What I am describing is the concept that the company should be investing its resources (capital) in the places where they reduce the likelihood that [...]
Enough Security: Change for a Dollar Let’s continue on with our discussion about enough security, and focus on outcome #1 from the if-then decision: We need to spend more. If we look at the decision statement ([customer expected security] – [your security] >0), what we are saying is that the customer is demanding [...]
How Much Security is Enough? Projecting Your Inner Coder Why this topic? As many of you know, I am the co-chair of the Mass Technology Leadership Council CISO group here in Boston, and when we were working on 2020 programming, we solicited our partner CTO group for topics that they would like to [...]
Harry, I've Reached the Top Welcome to the last installment of the career ladders blog series. Here we go. Physical Security Ladder Why is this here? It is called convergence. Once upon a time, a decade or so ago, the idea that all security should work for the same person was hatched. It [...]
No, I’ve Been Nervous Lots of Times! It’s time to jump in and review each ladder to give folks some additional insight. Let’s start with: General Knowledge Ladder This purpose of this track is to outline the soft skills that are required for each level. It is meant to be used in conjunction [...]
We Don’t Need No Stinking Ladders! Welcome to part 1 of our 3-part blog series around our recently open-sourced security career ladders. Let’s dive right in. (If you missed the link to our Git repo, you can find it here: https://github.com/product-security-group/Security_Ladders) Why did we do it? To be honest, we did it because [...]
Career Ladders Launch! Hey all, I thought it would be appropriate to kick-off the company blog platform by giving back to the security community. My personal view is that it is the most important thing we can do as leaders and as security professionals. So with that said, I'm happy to announce we [...]
