There are six words that no security or technology professional ever wants to hear: “We have a confirmed data breach”.

Almost everything we do in our enterprise security programs as leaders, or consultants, or programmers, or analysts, or ethical hackers, or trainers, or company business executives or (fill in the blank with another role including end users) is intended to prevent the moment when those words are said.

If you’ve ever been the person accountable for security and heard those words spoken, you know that terrible sinking feeling. For others, here’s an (imperfect) analogy: Think of how you would feel if you heard a doctor tell you that your tests came back positive and you do, indeed, have cancer.

Read More