Jay’s Best of 2015

December 30, 2015

I’m always wrong when it comes to predictions. In fact, ask me what I think will happen next year and bet on the opposite.

I seriously starting writing back in April of 2015. Many of the regular readers probably starting reading after that. So I thought there may be value putting together my best posts in 2015.

Are these the most popular? Kind of but not really. I used analytics to find the most engaging articles (combination of people who read them, shared them, and commented on them). Hopefully you find value in the list.

To make the list a little bit more interesting, I’ve added some background on why I wrote each article to give you insight into my thinking.

Thanks for supporting me in 2015 and hopefully I can continue the writing streak into 2016.

  1. Why Security Needs DevOps** — I was listening to a bunch of developers talk about Devops and it was clear security and development had a huge disconnect on how to build security into DevOps. It’s interesting that this is the top read. **(4 months ago | Aug 17, 2015)
  2. Are We Running Out of CISOs?** — I was talking to a CIO who was complaining about how few CISO candidates they had for the position. And even when they narrowed it down to 4 final candidates, they lost 2 candidates to other gigs. **(8 months ago | Apr 20, 2015)
  3. 4 Things You Should Tell Your Non-Infosec Friends** — I wrote this in the post. I was dumbfounded by some of the things I found in the Ashley Madison data. There is definitely some broad teaching to be done. (**4 months ago | Aug 24, 2015)
  4. The Only Security Certifications You Actually Need** — One of the reasons this post ranked so high on the list is that a lot of people disagreed with me. (I say the CISSP is the only one you need.) I haven’t changed my mind. The stats say that most hiring managers want the CISSP. (**4 months ago | Aug 05, 2015)
  5. Why I Turned Down A Security Job at Playboy** — This was the most fun to write. I just tell this story a lot and felt it was about time to write it down. (**7 months ago | May 20, 2015)
  6. The 14 Best YouTube Videos to Grow Your Security Career** — I am amazed by the volume of recorded content on Youtube. Even with these 14, there are many, many more. (**4 months ago | Aug 19, 2015)
  7. Don’t Go to Hacker Cons** — I had just attended a “Con” and was pretty upset by what I saw. This was definitely in reaction to that. (**7 months ago | May 13, 2015)
  8. 7 Types of CISO** — I don’t know why I wrote this one before the “Are we running out of CISOs” post. They came to me together. The CIO I was talking to didn’t understand that a CISO isn’t a one size fits all role. (**8 months ago | Apr 27, 2015)
  9. 3 InfoSec Women on Women in Security** — I recorded the podcast with Caroline Wong shortly before I wrote this. She inspired the post. (**5 months ago | Jul 22, 2015)
  10. Why Developers Don’t Know Security** — I attended another conference that week and decided to write this post. I think everyone knows it but never really put it down on paper. While coming in at number 10, I’m very happy about how this came out. (**7 months ago | May 04, 2015)