Using more security products won’t solve your cyber security problem

November 19, 2021|

Have you ever run into this scenario: there is a yearly audit on the security posture of the organization and this requires certain measures to be in place. However, everyone within the security department knows that that one specific measure (let’s name it checkbox alpha) is not actually in place.

Why Scrum doesn’t work for us: The quest for a better suit

October 29, 2021|

In this new series we try to give a look into one of the ON2IT teams by letting them write a blog article on how they run their team. This week DevOps kicks off with an article on why the Scrum method did not fit their needs.

Don’t just cry wolf – Avoid alarm fatigue, use continuous validation

September 30, 2021|

A one-off vulnerability assessment or automated penetration test may serve to raise awareness to gain focus. Still, it also bears a risk of fatigue in that it usually raises a seemingly insurmountably large heap of issues. If you're seeking to take control of and improve an existing situation, don't look once.

What the hack happened? A CISO perspective on the Microsoft Cosmos bug

August 30, 2021|

Last week’s uproar on the Microsoft Azures database (Cosmos bug) hit the boardroom. A lot of major companies use Microsoft Cloud, so Azure customers were in for a rough surprise. Wiz's Chief Technology Officer Ami Luttwak (his company found the vulnerability) describes it as “the worst cloud vulnerability you can imagine.”