Profile of Ira Winkler

CISSP, President, Secure Mentem News & Commentary Posts: 16

Ira Winkler is president of Secure Mentem and author of Advanced Persistent Security.

Proving the Value of Security Awareness with Metrics that 'Deserve More'

5/22/2019
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
Post a Comment

The 'Twitterverse' Is Not the Security Community

3/27/2019
The drama on social media belies the incredible role models, job, training, and networking opportunities found in the real world of traditional cybersecurity.
Post a Comment

Security Experts, Not Users, Are the Weakest Link

3/1/2019
CISOs: Stop abdicating responsibility for problems with users — it's part of your job.
Post a Comment

Yes, You Can Patch Stupid

1/30/2019
Before you start calling users stupid, remember that behind every stupid user is a stupider security professional.
Post a Comment

Kudos to the Unsung Rock Stars of Security

1/11/2019
It is great to have heroes, but the real security heroes are the men and women who keep the bad guys out while fighting their own organizations at the same time.
Post a Comment

The Case for a Human Security Officer

12/5/2018
Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.
Post a Comment

How to Gauge the Effectiveness of Security Awareness Programs

8/21/2018
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Post a Comment

The Fundamental Flaw in Security Awareness Programs

7/19/2018
It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
Post a Comment

Indicting Chinese Military Officers Is A Huge Mistake

5/29/2014
Blaming soldiers following lawful orders only deflects from the government's responsibility to impose trade sanctions and take more useful measures.
Post a Comment

NSA’s Big Surprise: Gov’t Agency Is Actually Doing Its Job

4/4/2014
When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
Post a Comment

Target Mocks, Not Helps, Its Data Breach Victims

1/22/2014
The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
Post a Comment

Why Security Awareness Is Like An Umbrella

12/5/2013
A small security awareness program will protect you as much as a small umbrella. So don’t complain when you get wet.
Post a Comment

Make The Most Of National Cyber Security Awareness Month

10/1/2013
NCSAM is a catalyst to get extra attention for your security programs
Post a Comment

Arguments Against Security Awareness Are Shortsighted

3/25/2013
A counterpoint to Bruce Schneier's recent post on security awareness training for users
Post a Comment

Stupid IRS Spam

9/30/2009
I believe that anyone who uses the Internet on a regular basis has to know that most e-mail messages are spam, and possibly part of a fraud scheme. I also realize that some people are more aware than others, and that some criminals are clever. But the current spread of an email message that claims to be from the IRS accusing a person of fraud demonstrates that naivete that runs deep on the Internet.
Post a Comment

Why Social Engineers Need Training

9/10/2009
Many security professionals who think they know anything about penetration testing also think they know enough to perform social engineering. After all, they are successful time and time again, so they think they know what they are doing. However, what follows is a textbook example of how a little knowledge in the wrong hands can be very dangerous.
Post a Comment