A lot of people ask me how I got into InfoSec, so I decided to write a blog post about my journey. I wasn't always interested in InfoSec, but it quickly became something I was quite passionate about. This is Part 1 of a 2 part blog. I want to…
Information security professionals often talk about developing technical skills, but having the ability to navigate an organization and the people within it is often overlooked. You should be intimate with your organization's solutions and tools. However, you must also consider your security controls and their objectives. There are pertinent questions…
As information security professionals, it is our job to assess, manage, and monitor risk. But what happens when organizations don't acknowledge risk? In this blog post, I am going to focus on the crippling effects of the lack of senior management buy-in as well as end-user push back to the…
I want to discuss on a topic that I touched upon in my initial post– third-party vendor risk assessments. As an information security "Subject Matter Expert" (SME), I perform assessments for third-party vendors as part of the Third-Party Risk Management (TPRM) Program. Third-party risk assessments should be performed as part…
I am Cassie, also known as Cassie Cage (@akolsuoicuaqol on Twitter and Instagram). My first blog post is dedicated to you, the reader. I would like to tell you a little about myself, what I do, and my journey into information security. I currently work in Governance, Risk and Compliance.…