Mary K. Pratt

Contributing Writer

Mary K. Pratt is a freelance writer based in Massachusetts.

10 ways to get more from your security budget

10 ways to get more from your security budget

In today's economic climate, CISOs have to make every penny count and maximize every dollar. Here’s how some do that.

10 markers of a great cybersecurity program

10 markers of a great cybersecurity program

How strong is your security program? These ten indicators will help you recognize greatness in your own organization and serve as a guide for what to look for in a partner.

6 security metrics that matter – and 4 that don’t

6 security metrics that matter – and 4 that don’t

The increasingly high stakes of getting security right and growing board interest means metrics are more important than ever. But there are some metrics that are more useful than others.

How to write an effective information security policy

How to write an effective information security policy

An information security policy is a high-level view of what should be done within a company in regard to information security. Here's how to create one that is an effective tool for improving your security posture.

The CSO's playbook for forging board relationships

The CSO's playbook for forging board relationships

Security is a board-level concern, but many aren’t confident they have the information and processes to provide effective governance. This nine-point plan will help you cement your role as a trusted advisor.

Hiring scarce security talent: 8 secrets to working with recruiters

Hiring scarce security talent: 8 secrets to working with recruiters

Recruiters can be a valuable resource, especially when you're looking to hire for specialized and in-demand skills. Here's how to make the most of the relationship.

Winning the war for cybersecurity talent

Winning the war for cybersecurity talent

Security leaders say they expect demand for talent to outstrip supply for at least the next several years. Your task: develop staffing plans that recognize that reality.

10 ways to kill your security career

10 ways to kill your security career

A breach won’t necessarily doom your career, but these missteps could hamper your professional ambitions.

Three strategies to prove security's value

Three strategies to prove security's value

How CISOs can identify and quantify security’s value in real dollars

How to market security: 8 tips for recruiting users to your cause

How to market security: 8 tips for recruiting users to your cause

Getting users to care about security is a much-lamented challenge. What you need is a marketing plan.

4 signs the CISO-board relationship is broken (and 3 ways to fix it)

4 signs the CISO-board relationship is broken (and 3 ways to fix it)

Gaining the board's trust is key for elevating the security function to a strategic level. To do that, CISOs will need to get out of their technical comfort zone.

6 signs the CIO-CISO relationship is broken — and how to fix it

6 signs the CIO-CISO relationship is broken — and how to fix it

Successful collaboration between the IT and security leaders is essential but not always easy. Here are signs the relationship is broken – and 8 steps you should take to fix it.

How to establish your business’s risk tolerance

How to establish your business’s risk tolerance

Knowing your business risk appetite allows you to align security efforts to the business needs, prioritizing resources and spending on those areas where organizational leaders have the least appetite for risk. Here's how to do it.

Why security-IT alignment still fails

Why security-IT alignment still fails

Many organizations struggle to get IT and security on the same page and stay in synch as their enterprises speed ahead with digital transformation initiatives. Here's how to overcome some of the most common obstacles.

12 tips for effectively presenting cybersecurity to the board

12 tips for effectively presenting cybersecurity to the board

Don't let your board presentation miss the mark. Follow these best practices and common mistakes to avoid when communicating cybersecurity risk to the board.

3 top multi-cloud security challenges, and how to build a strategy

3 top multi-cloud security challenges, and how to build a strategy

A number of security best practices have emerged alongside the growth of the multi-cloud environment, security experts say, and there are several critical steps that all organizations should take as they develop their own security...

Secrets of 'shift left' success

Secrets of 'shift left' success

The shift left movement is about bringing security into the software development cycle earlier through DevSecOps and other changes, yielding more secure software more quickly and at lower costs.

For strong API security, you need a program not a piecemeal approach

For strong API security, you need a program not a piecemeal approach

When designed and managed properly, APIs can be less problematic than traditional integration methods and can actually increase an organization's security posture.

Evaluating patch management software: 6 key considerations

Evaluating patch management software: 6 key considerations

Given the breadth of software systems in any given organization and the volume of patches being released by vendors, patch management software is a critical capability within IT environments today. Here's how to choose the tools...

6 steps for a solid patch management process

6 steps for a solid patch management process

Patch management is simply the practice of updating software – most often to address vulnerabilities. Although this sounds straightforward, patch management is not an easy process for most IT organizations. Here are the steps you need...

Load More