Doug LaneMy top security topics
One of the best things about working in cybersecurity is that it's always changing. There are always new things to learn and think about. Here are some of the areas of security that I'm thinking about the most right now:Securing the digital supply chainThe evolution of cloud-native securityInternet of Things (IoT) securityThe human element of securitySecuring web3 and blockchainI'll take them one by one this week and share some quick thoughts on why I think they're interes...
Doug LanePoor man’s Gong
If you’re someone who works with me, you may have noticed that I ask to record our Zoom calls more often than I used to. There’s a reason for this. While I can’t justify the cost of a revenue intelligence platform like Gong for my small shop, I made up my own poor man’s version. Here’s how it works.Download and install Descript. (There’s a free version.)Hit the record button on a Zoom call and pick the “Record on this computer” option.After the Zoom call ends, drag the video file that Zoom sp...
Doug LaneWelcome to the simulation
OK, now that the marketing guy explained what Zero Trust is, let’s get into some ways to give security buyers a plan for it (that hopefully includes some of you). There’s a real danger that this could get boring in a hurry, so here’s what I’m thinking. Over the next few days, I’ll give you my quick take on what I like and don’t like about the three possible starting points I mentioned. I’m not going to regurgitate every detail, but I’ll try to give you the gist. Then, I’m going to make up a f...
I share daily thoughts about cybersecurity and emerging technology. [Subscribe](https://daily.axalane.com) or [hire me](https://axalane.com)
Doug LaneMy top security topics
One of the best things about working in cybersecurity is that it's always changing. There are always new things to learn and think about. Here are some of the areas of security that I'm thinking about the most right now:Securing the digital supply chainThe evolution of cloud-native securityInternet of Things (IoT) securityThe human element of securitySecuring web3 and blockchainI'll take them one by one this week and share some quick thoughts on why I think they're interes...
Doug LanePoor man’s Gong
If you’re someone who works with me, you may have noticed that I ask to record our Zoom calls more often than I used to. There’s a reason for this. While I can’t justify the cost of a revenue intelligence platform like Gong for my small shop, I made up my own poor man’s version. Here’s how it works.Download and install Descript. (There’s a free version.)Hit the record button on a Zoom call and pick the “Record on this computer” option.After the Zoom call ends, drag the video file that Zoom sp...
Doug LaneWelcome to the simulation
OK, now that the marketing guy explained what Zero Trust is, let’s get into some ways to give security buyers a plan for it (that hopefully includes some of you). There’s a real danger that this could get boring in a hurry, so here’s what I’m thinking. Over the next few days, I’ll give you my quick take on what I like and don’t like about the three possible starting points I mentioned. I’m not going to regurgitate every detail, but I’ll try to give you the gist. Then, I’m going to make up a f...
I share daily thoughts about cybersecurity and emerging technology. [Subscribe](https://daily.axalane.com) or [hire me](https://axalane.com)
Subscribe to Doug Lane
Subscribe to Doug Lane
<100 subscribers
<100 subscribers
Share Dialog
Share Dialog
Yesterday, I shared a few reasons why digital supply chain security should be top of mind for security leaders and vendors that support them.
In addition to the challenge of extending security across company boundaries, supply chain security is complicated by the fact that it comes in many different flavors.
I can think of at least four:
1. Software vulnerabilities: Does third-party software I use to build my products or run my business have vulnerabilities? (Think SolarWinds and Log4Shell.)
2. Hardware vulnerabilities: Does my product include third-party hardware that has hidden vulnerabilities? (Think Spectre and Meltdown.)
3. Platform provider compromises: If one of my cloud or SaaS providers is breached, will my sensitive data be compromised? (Think Okta today and Hubspot a few days ago.)
4. Partner infrastructure compromises: If a supply chain partner is breached, will it provide a possible entry point into my infrastructure? (Think infamous Target breach that originated with a small HVAC vendor.)
In short, digital supply chain security is a complex problem that nearly all security buyers now face. And there's lots of evidence that it can't be ignored.
-Doug
Yesterday, I shared a few reasons why digital supply chain security should be top of mind for security leaders and vendors that support them.
In addition to the challenge of extending security across company boundaries, supply chain security is complicated by the fact that it comes in many different flavors.
I can think of at least four:
1. Software vulnerabilities: Does third-party software I use to build my products or run my business have vulnerabilities? (Think SolarWinds and Log4Shell.)
2. Hardware vulnerabilities: Does my product include third-party hardware that has hidden vulnerabilities? (Think Spectre and Meltdown.)
3. Platform provider compromises: If one of my cloud or SaaS providers is breached, will my sensitive data be compromised? (Think Okta today and Hubspot a few days ago.)
4. Partner infrastructure compromises: If a supply chain partner is breached, will it provide a possible entry point into my infrastructure? (Think infamous Target breach that originated with a small HVAC vendor.)
In short, digital supply chain security is a complex problem that nearly all security buyers now face. And there's lots of evidence that it can't be ignored.
-Doug
No activity yet