Thursday, August 18, 2022

Federal Auditing is... Complicated.

Breaking down your understanding of all things Federal, eh? Yeah, I'm *still* learning. I love this compilation you can find at I've been using this chart for years to demonstrate to my peers how different bodies of work interact. You'll find this in compliance slide decks I've created for graduate college classes to drive the point that there is a lot to consider when making control selection, design, implementation, and operational decisions. 

You can use this as another tool for peeling back layers and quickly finding related directives and publications. 
From the website (do yourself a favor and read this before looking at the chart...): 
  • "The goal of the DoD Cybersecurity Policy Chart is to capture the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware of, in a helpful organizational scheme. The use of colors, fonts, and hyperlinks is designed to provide additional assistance to cybersecurity professionals navigating their way through policy issues in order to defend their networks, systems, and data.
  • At the bottom center of the chart is a legend that identifies the originator of each policy by a color-coding scheme. On the right-hand side are boxes identifying key legal authorities, federal/national level cybersecurity policies, and operational and subordinate level documents that provide details on defending the DoD Information Network (DoDIN) and its assets. Links to these documents can also be found in the chart."

Wednesday, August 17, 2022

Global 500 vs Fortune (US) 500 Sector Comparisons - I.e. Profit Margins!

I created this out of curiosity about the macro business environment changes and differences over the last year and between US and Global markets among different sectors. As usual - Follow the money... There are some interesting insights.

So what line of business is the most profitable?? This is organized by the average profit margin of companies within each sector.

Tuesday, August 16, 2022

Brilliant Article: (Don’t) Focus on Your Job at the Expense of Your Career

Credit to HBR and specifically Dorie Clark. Brilliant. Young people need to hear this. 

Don’t Focus on Your Job at the Expense of Your Career

Summary: "The gap between what we have to do today and where we see ourselves in the future can be vexing. We’d like to advance toward our goals, but we feel dragged down by responsibilities that seem banal or off-target for our eventual vision. In this piece, the author offers four strategies you can try so that you can simultaneously accomplish what’s necessary for the short-term while playing the long game for the betterment of your career." 

  1. Analyze the strategic value of your activities.
  2. Enlist allies.
  3. Manage your brand.
  4. Be willing to experiment with “120% time.”

IMHO - This is what I tell my own teenagers and students in college:
  • Put in the time when you are young because you have the energy, mental capacity, and the greatest amount of neural plasticity.
  • The world and the workplace are not fair. Position yourself to capitalize on opportunities. That can be many things - training, visibility, kindness, someone others want to be around and emulate.
  • Embrace the opposite of Imposter Syndrome. Be confident and go for it. Why not you? 
  • Hard work beats talent when talent doesn't work hard.

More excellent articles by Dorie Clark

  1. Haven't Networked in a While? Here's How to Jump Back In.
  2. Stop Procrastinating and Tackle That Big Project
  3. Approach Your Personal Brand Like a Project Manager
  4. How to Make Progress on Your Long-Term Career Goals
  5. The Upside of Feeling Uncertain About Your Career

Thursday, August 11, 2022

Open Cybersecurity Schema Framework (OCSF)

Who: Amazon, Cloudflare, CrowdStrike, IBM, Okta, and Salesforce

What: They have collaborated on a joint initiative to solve a critical bottleneck in the sharing of threat information: The different data formats currently in use across multiple cybersecurity tools and products.

  • Schema includes: Activity; Activity ID; Category; Category ID; Class; Class ID; Count; Duration; End Time; Enrichments; Event Time; Message; Metadata; Observables; Original Time; Product; Profiles; Raw Data; Reference Event Code; Reference Event ID; Reference Event Name; Severity; Severity ID; Start Time; Status; Status Code; Status Details; Status ID; Timezone Offset; Type ID; Type Name; Unmapped Data

Thoughts: There's still a tremendous amount of work to be done and it will realistically be quite some time before the value is realized from this effort. However, it's good to see some progress and interest. This has been a problem for a very, very long time. 
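To make the data-format bottleneck concrete, here is an added example (not code from the OCSF project or from this post): two constructed events from hypothetical products describe the same failed logon in different formats, and mapping both into one record shape makes them directly comparable. Key names are snake_case renderings of attributes from the list above; the numeric IDs, vendor field names, and severity thresholds are assumptions.

```python
from datetime import datetime, timezone

# Keys are snake_case renderings of attribute captions listed in the post; the
# spellings and every numeric ID are illustrative, not taken from the OCSF spec.
CLASS_ID_AUTH, ACTIVITY_LOGON = 1, 1
SEVERITY = {"info": 1, "low": 2, "medium": 3, "high": 4}

# Constructed sample events from two hypothetical products: same failed logon.
VENDOR_A = {"ts": "2022-08-11T14:03:22Z", "evt": "login_failed",
            "user": "alice", "src": "203.0.113.7", "sev": "medium", "attempt": 3}
VENDOR_B = {"epoch_ms": 1660226602000, "action": "AUTH", "result": "DENY",
            "principal": "alice", "client_ip": "203.0.113.7", "risk": 55}

def _event(time_ms, severity, status, message, product, observables, unmapped):
    """Build one record in the shared shape."""
    return {
        "class_id": CLASS_ID_AUTH,
        "activity_id": ACTIVITY_LOGON,
        "type_id": CLASS_ID_AUTH * 100 + ACTIVITY_LOGON,  # assumed derivation
        "severity_id": SEVERITY[severity],
        "status": status,
        "event_time": time_ms,
        "message": message,
        "product": product,
        "observables": observables,
        "unmapped_data": unmapped,  # vendor fields with no shared home are kept
    }

def normalize_a(raw):
    t = datetime.strptime(raw["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return _event(int(t.timestamp() * 1000), raw["sev"],
                  "Failure" if raw["evt"].endswith("_failed") else "Success",
                  raw["evt"], "vendor-a",
                  {"user": raw["user"], "ip": raw["src"]},
                  {"attempt": raw["attempt"]})

def normalize_b(raw):
    # Assumed mapping of vendor B's 0-100 risk score onto the shared scale.
    sev = ("info", "low", "medium", "high")[min(raw["risk"] // 25, 3)]
    return _event(raw["epoch_ms"], sev,
                  "Failure" if raw["result"] == "DENY" else "Success",
                  f'{raw["action"]} {raw["result"]}', "vendor-b",
                  {"user": raw["principal"], "ip": raw["client_ip"]},
                  {"risk": raw["risk"]})

def correlation_key(ev):
    """Fields a detection can join on once both feeds share one shape."""
    o = ev["observables"]
    return (ev["type_id"], ev["status"], ev["event_time"], o["user"], o["ip"])
```

Without the mapping step, a rule correlating these two feeds would need per-vendor logic for timestamps, outcome, and severity; with it, one join on `correlation_key` covers both.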
