Cyber Security Concerns in the Mergers & Acquisitions Due Diligence Process

With data breaches remaining a steady concern across industries, far too many Mergers & Acquisitions teams are ignoring information security as a key piece of data for decision making. How secure is the company potentially being merged with or acquired? What happens to the value of the target company if a breach occurs, or is discovered to have already happened? Could that company pose a security liability to whoever is merging with or acquiring it?

Building an Enterprise Open Source Intelligence (OSINT) Program

“Information is power. Do you know what the Internet says about your company?”

Back in 2009 I gave a well-received talk called “Enterprise Open Source Intelligence (OSINT) Gathering” at several conferences and local security groups. More recently, I’ve been part of many discussions with my clients and others in the security community about the increase of company confidential information that is posted by employees, competitors, or even adversaries on the Internet. These conversations have prompted me to revisit this topic to see where we stand since I looked at this several years ago. The short answer is that things have changed, and in many ways quite drastically.

2014 Best Predictions for Privacy (and Security)

Each year about this time, I pull out my foggy crystal ball and prognosticate the future of Privacy and Security! For data privacy and security professionals, this year offers optimism, but with looming mid-term elections and recent significant data breaches, only subtle privacy improvements are likely. Through that lens, here is the 3rd Annual Top 10 Privacy/Security Trends for 2014.

Beyond Security: Part 2

Strategic vs. tactical thinking is a common misconception in security. Many security professionals believe that by completing tactical functions they are ultimately achieving strategic goals. The idea introduced in part one of this series is that thinking strategically is about aligning the business objectives to the activities that security is providing for the business.

Beyond Security: Why the Cybersecurity Industry Needs Strategic Thinkers

Recently, I sat down with my attack and penetration team (the guys that break into stuff), and I was reminiscing about the old days of penetration testing. It got me to start thinking that, as the industry evolves and shifts toward technology to provide for the commoditized tasks, the industry needs to shift away from the monotonous work of running tools to more strategic thinking.