Category: IT Management
-
Tools Cannot Think for You
The myth of the self‑running system Every year, the industry repeats the same fantasy: buy the right tool, and the work will magically disappear. But tools do not create plans. Tools do not define objectives. Tools do not understand your environment, your risks, or your deadlines. A tool can automate a task. It cannot replace…
-

How to choose a vendor in context of infosec goods and services
a new label doesn’t create a new capability.” know what you actually need most people start with vendors before they start with themselves. that is the first mistake. if you don’t know what problem you are solving, every vendor suddenly looks “perfect”. it’s like walking into a hardware store without knowing if you need a…
-
Security solution which acts like traditional painkiller
most security solutions are like traditional painkillers, we certainly feel better after talking them, but the root cause of pain remains intact and unresolved! as long as we do not address root cause of security incidents and vulnerabilities, we will be feeling better from short-term pain relief of “Security Solutions” and then suffering again soon…
-
zero-trust: reselling old under a different name
the market has been acting as a reseller since late 90’s. we simply resell an old solution under a different shiny name again and again. one of the best examples is zero trust. with all noises around this concept, poor desperate companies waiting to resolve their security issues, or perhaps thirsty budgets waiting to find…
-
Does AI help us in security operations?
it does but only if it is originated from a intelligent programmer. AI is as smart as the people who did its modeling. an artificial intelligence cannot be more intelligent than its origination. presuming AI will be helping us securing cyberspace is like presuming we will have a accurate Accounting system or flawless GL just…
-
*DR
security community has been certainly obsessed with creating a new acronym every day instead of focusing on techniques and enhancing what is already there. basically we do not even try to enhance any thing, we just need to understand definitions and satisfy what has already been stated. XDR is one of those things now particularly…
-
what is information security management?
information security management is almost similar to every other thing that is Subject to Management, or requires management, and I am not going to explain why we need a management function in a system to make sure system is running and functioning as expected, at least not in this article. by similarity, I mean there…
-
having something vs doing something
There is a difference between knowing the path and walking the path, right? just because I have something, does not mean I know something, or I do something. just because there are technologies, software or tools for a thing, let’s say GDPR compliance metrics, patch management, ITIL platforms, vulnerability scanning, application security testing…and so on,…
-
Is EFS secure?
I have seen many official statements about EFS being so insecure and we should not use it blah blah…and that is so surprising for me something from professional sources hearing a unprofessional statement, or better say, inaccurate assumption about one of the simplest and effective ways towards cryptographic practices! Assuming you know what Encrypting File…
-
Management Without Understanding Is Not Management
The same problem, only louder Looks like nothing has changed. The same leadership failures I talked about years ago are still here, only more polished, more decorated, and more destructive. Companies keep pretending they have “leadership,” but what they really have is a chain of people giving deadlines without understanding the work behind them. The…