This blog is a chapter of an unpublished book. I wrote this piece almost two years ago to highlight information security best practices and techniques that can help protect against online threat actors and stalkers. I spent several hours writing this piece with the help of others in the information…
Here is the link to the PowerPoint slides that were used during my talk at The Diana Initiative today. There is also a PDF in the folder that includes a few questions to consider when you're building an effective security program. Whether you are a seasoned veteran or a newbie,…
Success is subjective. It can be measured as a “good” result, but ultimately, you define your own success. Whether it is obtaining monetary wealth, being rich in health, building meaningful relationships, innovating groundbreaking technology or all the above. To define success, you must identify your life goals. Some examples of…
A lot of people ask me how I got into InfoSec, so I decided to write a blog post about my journey. I wasn't always interested in InfoSec, but it quickly became something I was quite passionate about. This is Part 1 of a 2 part blog. I want to…
Information security professionals often talk about developing technical skills, but having the ability to navigate an organization and the people within it is often overlooked. You should be intimate with your organization's solutions and tools. However, you must also consider your security controls and their objectives. There are pertinent questions…
As information security professionals, it is our job to assess, manage, and monitor risk. But what happens when organizations don't acknowledge risk? In this blog post, I am going to focus on the crippling effects of the lack of senior management buy-in as well as end-user push back to the…
I want to discuss on a topic that I touched upon in my initial post– third-party vendor risk assessments. As an information security "Subject Matter Expert" (SME), I perform assessments for third-party vendors as part of the Third-Party Risk Management (TPRM) Program. Third-party risk assessments should be performed as part…
I am Cassie, also known as Cassie Cage (@akolsuoicuaqol on Twitter and Instagram). My first blog post is dedicated to you, the reader. I would like to tell you a little about myself, what I do, and my journey into information security. I currently work in Governance, Risk and Compliance.…