Deciding how to spend a $10K windfall wisely

We have a lean IT department. Its budget is well below the industry average, and my security budget is only about 3% of that. So, as you can imagine, I didn't hesitate to say yes when I was asked this week if I could spend $10,000 before the end of the month.

Written by Mathias Thurman, 08 Nov. 11 02:59

Getting the most out of a new SIEM tool

The CIO continues to question the value of our $250,000 investment in a security incident and event management (SIEM) tool. I want more money in the budget next year to expand SIEM deployment to other areas of the world, and he wants to know what he'll get for that money.

Written by Mathias Thurman, 12 Oct. 11 03:20

Security manager's journal: The perils of enterprise search

I'm a big fan of search. The ability to use the Internet to cull information on virtually any topic with just a few clicks has made me more efficient and better informed. And "information" can come in the form of pictures, documents, videos, news feeds -- whatever you need.

Written by Mathias Thurman, 19 July 11 04:48

Giving cloud storage the axe

Want to know what keeps me, my company's go-to security guy, awake at night? Many things, I can assure you, but lately the No. 1 threat to a good night's sleep has been the proliferation of Software as a Service (SaaS) at my company.

Written by Mathias Thurman, 07 June 11 01:47

Security manager's journal: Keeping in-house code safe

We have a major problem, which explains why I'm sitting in an airport right now. I'm heading off to visit some third parties that develop portions of our software for us.

Written by Mathias Thurman, 19 April 11 05:12

New firewalls should increase protection

This week, my company began deploying new firewalls. The old ones have been in place for more than six years; the new ones will allow us to take advantage of the next generation of features.

Written by Mathias Thurman, 08 March 11 07:06

Lifting rocks and seeing what dangers lurk beneath

I'm still getting acquainted with my new company. As a security manager, that means I'm seeking out all the risks that are lurking in various functional areas.

Written by Mathias Thurman, 25 Jan. 11 03:43

Security manager's journal: Heading for the clouds

What makes a good information security professional? I think it's starting at the bottom and working your way up, occupying various positions along the way and obtaining skills in every one of them. It's understanding the business and having the ability to influence others. It's having a breadth of knowledge in various business sectors.

Written by Mathias Thurman, 23 Nov. 10 05:38

Looking gift iPads in the mouth

My company had excellent news last week, announcing stellar earnings. It was especially welcome after a difficult year of budget cuts, layoffs and a general decline in morale. To address that last issue, the company decided to give every employee a gift, and I'm not talking about a $25 Starbucks gift card. No, the plan was to hand out brand-new iPads to everybody. What could be cooler, right?

Written by Mathias Thurman, 28 Sept. 10 00:35

Security Manager's Journal: Without patch management, you are nothing.

Does it all come down to patch management? As a security manager, I pursue many initiatives, striving to protect the company on many fronts. But patch management is a key metric of our risk exposure, since there is a direct correlation between security incidents and patch compliance. So, in a way, it does all come down to something as basic as patch management, because if we fail there, we can't be secure.

Written by Mathias Thurman, 08 June 10 01:19