Being an InfoSec Professional / Cybersecurity

The other shoe drops: NIST issues version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity

It’s ironic that the new publication from NIST does not have an 800 series numeric designation.   Not that it needs to, but here we all are using those numbers as shorthand (e.g., “I took an 800-30 July 2002 approach because revision 1 from 2012 just seemed too complex for the environment”, “We are looking to … Continue reading

Being an InfoSec Professional / Cybersecurity

Why isn’t this blog more technical

I am getting a fair amount of questions (which is blogger speak for the more introspective “I keep asking myself”): why isn’t this blog more technical?  Why aren’t I persistently advancing threads about advanced persistent threats?  Am I intentionally filtering out packet filter discussions? (note to self: do not turn into cyber security’s answer to … Continue reading