Ryan McGeehan in Starting Up Security
Follow-Up: SolarWinds Response to SEC Lawsuit
SolarWinds has responded on their blog regarding the SEC’s lawsuit against them following their breach. Here is some analysis:
2 min read · Nov 9, 2023

Ryan McGeehan in Starting Up Security
Lessons from the SEC’s Lawsuit against SolarWinds and Tim Brown
A few days ago, the SEC filed a lawsuit against SolarWinds and their CISO that shares some similarities with the blameless post-mortem of…
10 min read · Nov 6, 2023

Ryan McGeehan in Starting Up Security
Vulnerability Management: You should know about EPSS
The Exploit Prediction Scoring system (EPSS) is great. You might like it, too, if you deal with large amounts of vulnerabilities.
7 min read · Oct 9, 2023

Ryan McGeehan
Beyond Controls: The Power of Risk Scenarios
Scenarios are an underappreciated way to model infosec risk. A scenario is simply a future, consequential event you write to express a risk…
6 min read · Aug 24, 2023

Ryan McGeehan in Starting Up Security
Talking about risk with thresholds 🔥
Imagine you encounter a fire in the woods. You’d instinctively decide to do one of two things:
3 min read · Mar 20, 2023

Ryan McGeehan in Starting Up Security
A blameless post-mortem of USA v. Joseph Sullivan
Our industry deserves a complete retrospective into the incidents behind the criminal case against Uber’s former Chief Security Officer.
32 min read · Dec 8, 2022

Ryan McGeehan in Starting Up Security
Endpoint Security: Intuition around the Mudge Disclosures
The Mudge disclosures bring up specific pain points around how endpoint security is measured and communicated and what baselines are…
7 min read · Aug 24, 2022

Ryan McGeehan
How to estimate legal costs from a data breach.
We need budget and headcount to mitigate risks. Larger risks should encourage more resources towards mitigation efforts.
10 min read · Nov 15, 2021

Ryan McGeehan
Troubles with quantified risk
Risk quantification can be confusing and derailing to groups and decision makers.
10 min read · May 31, 2021

Ryan McGeehan
A risk decomposition walkthrough
This is a method I’ve used to help frame and model cybersecurity risks over the past few years. It helps organize a lot of complexity when…
7 min read · Nov 20, 2020