Chris Mark in “Using Security Metrics” Book June 9, 2016
Posted by Chris Mark in cybersecurity, Uncategorized.Tags: Chris Mark, cyber, hack, network, risk, security, Security Metics, Tenable
add a comment
A number of months ago I was interviewed regarding my opinion on the effectiveness of security metrics. I was notified today that the eBook has been published. Titled “Using Security Metrics” the book includes 33 authors and according to the publisher:
“We asked 33 security experts how they communicate security program effectiveness to business executives and the Board.
They share their recommendations and best practices in this ebook. If you’re a security professional, you’ll find their insights indispensable for helping you better communicate with business executives and Board members who often do not speak the security language. Download this ebook to learn about:
- Security Metrics That Tell a Story to the Board
- Security Metrics That Help Boards Assess Risk
- Security Metrics for Threat Management
- Security Metrics that Drive Action in the Financial Services Industry
My contribution can be found starting on page 39. You can download the eBook here!.
Chris Mark Speaking at OpenEdge 2016 Partner Advisory Board May 27, 2016
Posted by Chris Mark in cyberespionage, cybersecurity, Uncategorized.Tags: Chris Mark, cybersecurity, dark web, data breach, Global Payments, KeyNote, OpenEdge
add a comment
I am honored to have been asked to present as the keynote speaker at the OpenEdge 2016 Partner Advisory Board on June 6th, in Chicago, Il. I will be speaking on the state of cybercrime today and provide a live demonstration of the Dark Web as well as a description of how cyber thieves steal and use payment card data. It should be a fun event for everyone! If you are an OpenEdge Partner please consider attending!
“The United States is Under Attack” – CyberWar Article May 23, 2016
Posted by Chris Mark in cyberespionage, cybersecurity, Uncategorized.Tags: Breach, china, cyber, espionage, hack, Intellectual Property, IP Theft
add a comment
The title was a comment made in 2011 by the US House of Representatives.
In cleaning out my house for an impending move I found a copy of The Counter Terorist Magazine for which I had written an article in 2013 titled “CyberWar”.While the article is 3 years old, it still provides some valuable information and valuable lessons on the current state of Cyber War. The US Congress has has several sessions and working groups to discuss “The Chinese Problem” related to cyber espionage and Cyber War. You can learn more by reading my article!
1,000,000 InfoSec Job Openings in 2016! May 10, 2016
Posted by Chris Mark in cybersecurity, Industry News, InfoSec & Privacy.Tags: assurance, Breach, careers, Chris Mark, hack, information, job market, PCI, security
add a comment
A recent article in Forbes Magazine outlines the current and projected information security job market. According to the article the current job market is valued at $75 billion and is expected to grow to $170 Billion by 220. More profoundly, CISCO estimates that there are currently 1 million InfoSec job openings in the US with, according to Peninsula Press, 209,000 currently unfilled! According to Virginia Lehmkuhl-Dakhwe, director of the Jay Pinson STEM Education Center at San Jose State University “The number of jobs in information security is going to grow tenfold in the next 10 years,”
I have been fortunate to have had a great career in information security over the past 15 years. While my experience is unique, I have had opportunity to travel the World and work with some of the largest, and most complex companies around. I have spoken at scores of events and have published dozens of articles and white papers.
Last year I wrote a blog post about how to get into the InfoSec career field. Two things that many people may want to know off the bat. 1) a College Degree is NOT required (although often very helpful) and 2) The pay is VERY good. (basic supply and demand). In my experience most people could probably get into the field with anywhere from 9-18 months of self-study. You can get in quicker if you attend course. For more information, please read my blog post: Getting Info Information Assurance Careers.
Chris Mark in July 2014 of TransactionWorld (Proximate Reality) July 1, 2014
Posted by Chris Mark in cybersecurity.Tags: adaptive, Breach, Chris Mark, cyber, decision science, proximate reality, security, threats
2 comments
July’s issue of TransactionWorld Magazine was just released. Click here to read my latest article, “Understanding Proximate Reality to Improve Security” Here is a preview..
“Various reports are published annually that analyze data breaches, opine on the root causes of the data theft and frequently ascribe blame to one party or another. It always invites scrutiny when a well-known security firm or analyst makes a definitive statement such as “X% of breaches could have been prevented through the implementation of basic controls, such as patching.”
This position is not only inconsistent with accepted risk management practices, but also confuses the basic concepts of correlation and causation while ignoring the very human element of adaptation. Unfortunately, companies that subscribe to these simplistic views of the industry and threats are exposing themselves to very real dangers. As supported by the increasing number of breaches identified each year, information security is no longer a domain for amateurs and requires the application of lessons learned from domains such as intelligence, anti-terrorism, and decision science to make effective decisions.
Two important concepts borrowed from the intelligence and anti-terrorism domains can be used to help CSOs and others make relevant decisions related to their risk posture and other aspects of data security. These concepts are known as Proximate Reality and Adaptive Threats.” Read More!
Global Security, Privacy, & Risk Management 