David Mortman


Rich Mogull and Mike Rothman on Security Research and Metrics

Dennis Fisher talks with Rich Mogull, Mike Rothman, David Mortman and Adrian Lane about the merger of Securosis and Security Incite, the need for better metrics in security and improving security research.

Better Security Through Diversity of Thinking

By David Mortman
Inspired by professional pastry chef Shuna Fish Lydon:

“You do not know what a good, bad or indifferent baker/pastry chef you are until you work alongside someone who is better/worse than you. This is not at all to say that if you are an outstanding home baker, you are deluding yourself. But as far as professional cooking & baking go, it is my experience that unless you push yourself really hard to stay away from your sweet spot comfort zone of I-Know-All-I-Need-To-Know-And-I-Feel-Very-Comfy-In-This-Job/Kitchen-Thank-You-Very-Much, and move kitchens or chefs or hire people who are much closer to your level than you feel comfortable having them, you will become stagnant in your baking skill and knowledge.”


Digital Underground podcast with Dennis Fisher
In this episode of the Digital Underground podcast, Dennis Fisher talks with David Mortman, CSO-in-residence at Echelon One and longtime security executive, about whether we’ve become too reliant on compliance, the changing nature of the CSO’s job and how network security is like baking artisan bread. Really.

By David Mortman
I always find RSA interesting because in addition to the official theme of the conference (what was this year’s anyways?) there is the unofficial theme that usually comes from either the show floor (Everyone remember how every year from 1999 through 2003 was “The Year of the PKI”?) or from the talks themselves.

By David Mortman
I spent some time earlier this week at mini-metricon, a workshop that was inspired by the success of Andrew Jaquith’s security metrics mailing list and the larger Metricon which is held each year in conjunction with the USENIX Security Conference. In essence, members of the mailing list gather each year on the Monday before RSA and share what they are doing with regards to security metrics within their organizations.

By David Mortman
I am very excited to be guest blogging about RSA here on Threatpost. A special thank you to Dennis and Ryan for the privilege.

I am also very excited to once again be speaking at RSA this year. Last year, I was on a panel with Mike Rothman, Rich Mogull, Martin McKeay and Ron Woerner titled “Avoiding Another Security Groundhog Day”. The main theme of our panel was how could we as security practitioners move forward with protecting our customers while avoiding the sins of the past.
