Leadership
Can you lose maybe 25 million peoples vaults and still claim to be a secure secret management company? Does that even fly? Does it matter that you lose all the metadata (IP access logs), URLs and vast amounts of other metdata but don’t worry ~5 fields are encrypted so as long as your master password is never cracked… yawn…
Leadership
Wow a big question, right? I can’t answer this for you, obviously I’d recommend that you consider cyber insurance, however I’d also recommend that you:
I’m not going to write lots this evening on the subject, but I was reviewing a report and thought in line with some research that I started recently (but was side-tracked) and then have seen the report so purchased that instead! (Sometimes it’s easier to not do everything yourself right!)
Read more “Cyber Insurance: How would I decide to buy it or not?”
Defense
It is a blur so far, I figured after the last place the grass would be greener, surely no one else has that many security challenges. I did some due diligence during the interview process, they seemed very confident about having certifications and that they took security seriously. hell, that should have set some red flags off but even the cynical sometimes hope that it is as someone says.
I have started to work myself around the board and I am making friends with people, my diary is filled with zoom calls and my notebook is already many pages deep.
You cannot make this stuff up though, day two and I’ve dealing with a business email compromise incident, the phishing page was not even in good English but then it only takes a second or so whilst in a meeting to not quite realise your running on autopilot so you cannot blame people. Hell, the branding was copied so we know it was a targeted phish. It would have been nice to at least had centralised logs for the team to analyse though. Read more “The grass is always greener, until it is not”