Stories by By Mathias Thurman

The WannaCry scramble

A widespread ransomware attack propagating as a worm was a legitimate cause of alarm.

Written by By Mathias Thurman26 May 17 03:05

Email, email, in the cloud

The transition from on-premises to cloud-based email is an opportunity to tighten security controls.

Written by By Mathias Thurman08 May 17 20:45

Taming the SaaS security wilderness

As rogue applications proliferate, the need to protect corporate data requires new tools.

Written by By Mathias Thurman03 April 17 21:04

RSA Conference is a timesaver

For our manager, the annual security gathering is a great way to get quality time with vendors.

Written by By Mathias Thurman27 Feb. 17 23:23

Getting buy-in to combat risk

A risk council with stakeholders from across the company could be an effective way to get needed resources to mitigate the worst security risks.

Written by By Mathias Thurman13 Feb. 17 22:45

The trouble with third-party assessments

If you let one customer perform security tests against your applications and network, you let yourself in for a lot of headaches.

Written by By Mathias Thurman05 Jan. 17 22:00

Just a test? If only!

The DDoS attack against DNS provider Dyn finds our manager without a backup plan. That’s painful, especially when the plan had been to test incident response soon.

Written by By Mathias Thurman01 Nov. 16 04:29

A nudge from ransomware

Our manager needs to get remote users’ PCs backed up without forcing them to connect to the network, which they rarely have to do these days to do their jobs.

Written by By Mathias Thurman05 Oct. 16 03:05

Trouble spotted on the network

No sophisticated SOC? You can still be pretty sure that you’re aware of anything potentially troublesome.

Written by By Mathias Thurman12 Sept. 16 21:00

SaaS risks come into focus

Sometimes, security risks are hiding in plain sight.

Written by By Mathias Thurman02 Aug. 16 21:00

Let the budget games begin!

Even when top management is enlightened about the importance of good security practices, a security manager needs to go into the budget meeting prepared.

Written by By Mathias Thurman09 June 16 00:11

The post-acquisition blues

The company calls in our manager to take a look around at a small software company it’s acquiring — after the deal has been signed.

Written by By Mathias Thurman28 April 16 23:32

Stop Passing Around Those Passwords!

The company has sanctioned the use of an online password vault, so why is there a spreadsheet making the rounds that contains scores of passwords to servers that contain sensitive data?

Written by By Mathias Thurman30 March 16 23:02