

5 Tips for Fostering and Mentoring Cybersecurity Talent
Cybersecurity mentorship programs are a great way for organizations to take control of any issues they’re running into when trying…

Blue Lava Eliminates “Spreadsheet Hell” with New Cybersecurity Framework Integration Capabilities
We all have our own perspectives, assumptions and expectations for what it takes and what it means to be a…

Right Sizing Your Security Program and Infrastructure
We all have our own perspectives, assumptions and expectations for what it takes and what it means to be a…

How To Build Trust as a CISO With a Zero Trust Security Policy
We all have our own perspectives, assumptions and expectations for what it takes and what it means to be a…

Cybersecurity Board Reporting
Need some tips and tricks for Board buy-in? In this blog, learn exactly how to position your cyber security program’s…

Security Program Management (SPM) and Governance, Risk and Compliance (GRC): What’s the Difference?
While there are many commonalities in terms of data collected for GRC and SPM, the objectives are different. GRC documents…

Cybersecurity Talent Challenge
We have a massive supply and demand issue that creates the “Cybersecurity Talent Challenge.” The fact is, there are not…

Cybersecurity Awareness Month Doesn’t have to be Scary
In the spirit of Cybersecurity Awareness Month, we thought we would de-mystify a few of the tall tales and horrors…

How Internships In Cybersecurity Can Help You Bridge The Talent Acquisition Gap
Summer interns are an excellent resource for evaluating security vendors when you have an active project. The intern learns about…

Blue Lava Introduces New Risk Solution to Further Help CISOs Communicate with their Business Leaders
To help CISOs measure, mitigate and communicate their cyber risks, Blue Lava has introduced a new Risk Dashboard and toolset…

Part Three: Conclusions and Recommendations
This is the third of three blog posts about our recent survey on security program management. The previous posts discussed…

Part Two: What are Priorities for Making Security Program Management Better?
This is the second of three blog posts about our recent survey on security program management. The previous post discussed…

Part 1: Current Practices for Security Program Management
This is the first of three blog posts about our recent survey on security program management. This post discusses some…

SEC Rules on Cybersecurity – Blue Lava’s response
For many, the SEC’s proposed new rules on cybersecurity are a long time coming. Read Blue Lava’s response.

Addressing Top Common CISO Challenges With a 3x CISO | Blue Lava
So many times, I’ve personally struggled with the successful alignment of security to business objectives. Part of this challenge is…

Learning from Experience – November Blue Lava MasterClass Takeaways
As a typical CISO, we find ourselves with a minimum 50-hour workweek pretty much every week. The question is, where…

We’re Heading into 2021… What Security and Risk Lessons From 2020 Are We Bringing with Us?
2020 was a banner year of transformation—whether we liked it or not—changing how we work individually and together, both on…

Three Security Pillars (part 1): The Most Important Parts of Your Security Culture and Program Are the People
As emphasized by SFIA (Skills Framework for the Information Age), everyone holds information security responsibilities. Individuals and organizations need to…

Three Security Pillars (part 2): Enabling and Empowering a Team to Drive Operational Efficiencies, Meaningful Results, and Business Value
Last month, I introduced you to three pillars of lessons learned that we can take with us as we move…

Three Security Pillars (part 3): Selecting and Turning the Knobs of Technology to Do What’s Right for the Business
I recently introduced you to the Three Pillars of Lessons Learned—a three-part blog series that we can take with us…

The Ultimate Plan for a New CISO’s First 90 Days
A handful of first-time and emerging CISOs have reached out and asked for some best practices as they continue their…

Life As a New CISO: Best Practices – Part 2
A handful of first-time and emerging CISOs reached out to me and asked for some best practices as they continue…

Overcoming InfoSec Budget Apprehension: 3 Proven Tips to Ensure CISO Success and Job Satisfaction
According to Gartner, worldwide security and risk management spending may be under greater scrutiny in 2021 compared to previous years. So…

Words Matter: What is the Language Used Between Business Leaders and CISOs
How do we know we’re doing well with our security program —or if we are missing the mark when it…

Your Blueprint for Success: The Starter Guide for CISOs
We are excited to introduce you to our latest series of educational blog posts directly aimed at new CISOs. Our…

Your Blueprint for Success: The Starter Guide for CISOs (Part 2)
Part two of our series picks up where Phil left off and provides new CISOs advice on how to get…

Your Blueprint for Success: The Starter Guide for CISOs (Part 3)
Part one of our ongoing informative blog series, “Your Blueprint for Success: The Starter Guide for CISOs,” Phil Beyer, Head…

Your Blueprint for Success: The Starter Guide for CISOs (Part 4)
This series was written by CISOs for new CISOs. Our goal was to introduce you to the necessary steps to…

Alignment Between Business and Information Security Improves with Maturity: What’s the Impact and Which “Side” Needs to “Mature?” (Part 2)
From the InfoSec leadership perspective, there’s a clear focus on vulnerabilities, attacks, incidents, and threat intelligence. From the business community…

Blue Lava Makes the Gartner Hype Cycle for Cyber and IT Risk Management, 2021
I’m proud to announce that Blue Lava has recently been named in Gartner’s 2021 Cyber and IT Risk Management Hype…

The CISO Security Maturity Journey Starts by Connecting Technology Dots to Business Objectives
You’re a CISO doing a bang-up job on your company’s security posture. From a technology perspective, you use all the…

Gartner Confirms the Hype about Blue Lava
As Gartner continued to release new Hype Cycles throughout July, Blue Lava was proud to be included in a total…

The Blue Lava Origin Story
Blue Lava is the first business platform for CISOs to manage their security program. Blue Lava guides security leaders to…

Blue Lava Simplifies Security Assessments during M&As
Mergers and acquisitions (M&A) create unique challenges for cybersecurity teams. Before the business transaction, cyber due diligence is necessary to…

2022 Just Around the Corner: It’s Time to Transform Our Security Programs
While recently thinking on ways to help our community tackle this challenge, I ran an informal poll on LinkedIn. More…

A Look at Gartner’s Report: The Urgency to Treat Cybersecurity as a Business Decision
After years of accelerated cybersecurity spending, it looks like company decision-makers are starting to pull back on the throttle. Security…

The Alignment of Business and Information Security Improves with Maturity
We all have our own perspectives, assumptions and expectations for what it takes and what it means to be a…