Posts by Frederick Scholl
Should Your CIO Learn to Code?
This topic came up because of two recent headlines and one new book. The first was the news that the now former Equifax CISO was a music major, without formal college level tech or security training. The second was the recent article in the WSJ highlighting Bank of America’s new Chief Operations and Technology Officer, Cathy Bessant. …
How IT Leaders Can Keep a Seat at the Table
In this era of digital disruption, business leaders are turning to technology to keep up. But, will they continue to turn to traditional IT leaders to map out the future? This is the question addressed by Mark Schwartz’s new book A Seat at the Table. Mr. Schwartz engagingly analyzes the present and provides guidance for IT leaders…
Equifax points out—again—the need for speed in security management
The Equifax data breach illustrates again the need for speed in security management. If the breach was through a known vulnerability, we wonder why wasn’t it patched? If through another path, we wonder why wasn’t the attack detected? We have so many incident and event management tools for servers, desktops and networks, it is hard…
Anatomy of a Security Breach
In recent Information Security news, The Wall Street Journal reported on the upcoming trial of an alleged botnet master. The trial is in progress now. It is not often that we get a look at the details of a computer security breach, but in this case at least some details are in the docket of the Eastern District of…
The Smartest Information Security Companies
Every year, MIT Technology Review publishes its list of the 50 smartest companies. This year, two information security companies made the list, along with big-time players like Amazon, SpaceX, etc. TR doesn’t publish detailed selection criteria, but they include things like ability to dominate the chosen market and innovative use of technology. The two security…
Book Review: Play Bigger
Play Bigger is a new book by entrepreneurs for entrepreneurs (2016, Harper Business). The authors’ theme is that today’s markets are so crowded that you cannot rely on niche marketing into white spaces; you have to create your own white spaces, or “categories”. The goal is to be a “category king”. The idea of niche marketing has…
Long Term Beneficiaries of WannaCry
The current worldwide attack from WannaCry is going to have a lasting impact on information security. The question is: what will that be and who will benefit? In this blog post, I will take a contrarian viewpoint and suggest that it will not be beneficial to security practitioners or security businesses. I think business leaders,…
RISK: A NEW MOVIE ABOUT JULIAN ASSANGE
Last night I went to a screening of Laura Poitras’s movie about Julian Assange. If you are interested in national security, I highly recommend the film. I had expected a big crowd, but Nashville’s Belcourt was only about 20% full. Love WikiLeaks or hate WikiLeaks, it is likely Assange will continue to be in the…
TRADE SECRET THEFT CONTINUES UNABATED
One of the biggest cyber threats that many US companies face is the theft of their intellectual property (IP). This includes trade secrets, patents, software, and copies of tangible goods. The recently released “Update to the IP Commission Report” gives tangible, current information on all four categories. The original report was published in 2013 amidst…
TENNESSEE LEGISLATORS MUDDY WATERS AROUND PRIVACY BREACH NOTIFICATION REQUIREMENTS
The Tennessee legislature recently passed a modification to the state privacy breach notification requirements, § 47-18-2107. The modification has been sent to the governor for signature. Unfortunately, the modification just confuses the law’s requirements. The existing code says that a breach notification is required if “unauthorized acquisition of unencrypted computerized data” takes place. The breach…