My top security topics
One of the best things about working in cybersecurity is that it's always changing. There are always new things to learn and think about. Here are some of the areas of security that I'm thinking about the most right now:
Securing the digital supply chain
The evolution of cloud-native security
Internet of Things (IoT) security
The human element of security
Securing web3 and blockchain
I'll take them one by one this week and share some quick thoughts on why I think they're interes...
Poor man’s Gong
If you’re someone who works with me, you may have noticed that I ask to record our Zoom calls more often than I used to. There’s a reason for this. While I can’t justify the cost of a revenue intelligence platform like Gong for my small shop, I made up my own poor man’s version. Here’s how it works.
Download and install Descript. (There’s a free version.)
Hit the record button on a Zoom call and pick the “Record on this computer” option.
After the Zoom call ends, drag the video file that Zoom sp...
Welcome to the simulation
OK, now that the marketing guy explained what Zero Trust is, let’s get into some ways to give security buyers a plan for it (that hopefully includes some of you). There’s a real danger that this could get boring in a hurry, so here’s what I’m thinking. Over the next few days, I’ll give you my quick take on what I like and don’t like about the three possible starting points I mentioned. I’m not going to regurgitate every detail, but I’ll try to give you the gist. Then, I’m going to make up a f...
I share daily thoughts about cybersecurity and emerging technology. [Subscribe](https://daily.axalane.com) or [hire me](https://axalane.com)
It's often said that humans are the weakest link in most organizations' security posture. It's probably true. But it's also a bit unfair. Working securely is actually pretty hard these days, even if you're technically savvy.
You're told not to click on unsafe links. But you're bombarded with inscrutable URLs every day, including many from the same people who will blame you the one time you make an error.
Emails from the outside partner you work with every day have the same "dangerous outsider!" label as those from a threat actor trying to social engineer you.
You're told not to use unsanctioned tools for communicating and collaborating with outside parties. But any company-sanctioned alternatives are too locked down to be useable.
If you're a developer, you're expected to write bug-free code, even though you face unrelenting pressure to ship new capabilities continuously.
If you're a SecOps pro, you're expected to catch every threat, even though you're hit with an information firehose every day.
It's been like this for years. But I'm encouraged by how many security vendors I now see:
Respecting the practical needs of users who must communicate and collaborate across geographic and organizational boundaries.
Giving developers something better than boring online training modules to develop their security acumen.
Creating security process linkages to non-security teams like developers and infrastructure ops teams who can improve security at a foundational level.
Harnessing the power of machine learning to bring greater focus and context to threat hunting and security monitoring.
There is still a long road to travel. But it feels like we're finally starting to embrace the human element of security rather than point fingers at it.
-Doug