A typical day in a mid-sized company. The already overworked developer, deep in crunch mode1 gets a quick note: “Would you please make the open invoices visible in the overview of all customers for this project?” Dutifully, he nods. He knows it’s an important project, the task isn’t technically difficult and the boss likes quick and simple solutions. Read more

A typical crisis meeting scenario: The Management and myself as an external consultant or information security officer sitting in a conference room: Our processes are being slowed down by too many security requirements. Employees are complaining. ‘Your’ IT security is becoming a risk to our business. Read more

I need to admit: I really love writing audits. It has a certain degree of scientific working to falsify statements. So I was recently confronted with the following quote from a responsible IT manager: We are not concerned with security, but with liability. If Microsoft promises security, this is enough for us. Read more

My rant showed some effect ;-) Coming Friday, 2nd October 2020 from 7pm on, I will give a presentation covering IT risk assessment and information security. Everything will be hands-on with realistic (live) examples from the web for an audience of developers, project managers, independent consultants and anyone interested in technology. Read more