“Many recommendations Dan has received pertain to his extensive knowledge, sharp mind, and incredible work ethic. Though I still recognize those aspects, I am here to recommend him from a different perspective. Dan and I worked closely together, most directly on a quarter-long project which resulted in projections, estimates, and detailed analyses. Being both new to the analyst industry at the time and to this type of work, it’s safe to say I had an almost infinite number of questions for him. He took each in stride and maintained clear goals with precise direction. He translated (what were, to me) complex technical concepts into concise feedback and helpful criticism. I learned a lot from the experience; and I am grateful I learned it from Dan. His guidance is not only a reflection on his ability to teach, but also his own character and discipline. Dan was (and is) a mentor to me. He is honest, kind, an intellect, and has a great sense of humor. He is patient but direct, and a wonderful mentor. He is an advocate for the underdogs, supportive, encouraging, and is easy to talk with. I am grateful I've had the chance to work with him and hope to continue doing so for many years to come.”
About
Information security manager with an understanding of the business, application…
Contributions
-
How can you prepare for a cybersecurity interview?
The most direct method of demonstrating competency in the scenarios you'll be asked about in interviews for information security positions will be providing answers based on personal experience. To that end, developing your narrative and story telling around those experiences is important. How would you handle an incident or data breach? Here's an example of how I handled one I experienced, here's what worked, here's what I learned in the process. Here are preventative and responsive steps taken in the days and months after that incident to prevent or reduce the impact of the same thing happening again.
-
How can user feedback drive creative problem solving in software development?
One of the most valuable forms of user feedback is seeing what users do in addition to what they say. A usability lab type setup where a user is observed using an application can be a great source of insights. What use cases are they stumbling with or having trouble executing? Where is the application not intuitive?
-
How do you collaborate with security professionals in your network?
I might turn this around as a security professional and ask what’s most effective when security pros communicate with areas of the business and IT. I would say be up front about the potential inhibitors of what a security product or policy might create in view of your specific job responsibilities. I see too many security rollouts negatively effected because an honest professional conversation about potential risks and road blocks never took place. Users are forced to work around things, which is a result the security team didn’t intend to have happen.
-
How can technical support improve cybersecurity and protect against cyber threats?
Education of technical support groups is important, they can be very effective advocates of cybersecurity in an organization, and are often IT’s most visible front line with users. That said it’s not enough, designing processes with a view towards least privilege is difficult, as tech support jobs must by necessity solve user issues. So some risk is inherent in these operations, and careful design around security procedures must accompany education and awareness initiatives. Those processes must be structured to consider user experience alongside security concerns.
Activity
-
"Kennedy regularly speaks with CISO end users as part of his ongoing 'Voice of the Enterprise: Information Security' quantitative research into top…
"Kennedy regularly speaks with CISO end users as part of his ongoing 'Voice of the Enterprise: Information Security' quantitative research into top…
Shared by Daniel Kennedy
-
Don’t celebrate ransomware’s decline just yet - Upon seeing the percentage of survey respondents who experienced a #ransomware attack fall from 23%…
Don’t celebrate ransomware’s decline just yet - Upon seeing the percentage of survey respondents who experienced a #ransomware attack fall from 23%…
Shared by Daniel Kennedy
-
Thanks Daniel Kennedy for a great conversation on a range of #SecOps topics!
Thanks Daniel Kennedy for a great conversation on a range of #SecOps topics!
Liked by Daniel Kennedy
Experience
Education
Licenses & Certifications
Volunteer Experience
-
President
Ramsey Historical Association
- Present 21 years
Education
President and board member of the Ramsey Historical Assocation (RHA). The Ramsey Historical Association was organized in 1956 to restore, manage and preserve the Old Stone House museum and its collections, and to stimulate interest in local history.
Developed the association's web site (http://www.ramseyhistorical.org), the separate history site http://www.ramseyhistory.org, and set up/maintain their social media presence. -
Head Coach
Ramsey Baseball & Softball Association
- 12 years 3 months
Children
Publications
-
The 2022 API Security Trends Report
Noname Security
The explosive growth of API usage is not without risks. While security considerations such as authentication and authorization for APIs and preventing unintended data exposures have accompanied API usage throughout the past 20 years, increased dependency also means increased opportunities for security-related problems.
-
The conflict in Ukraine may indirectly trigger more cybersecurity investment
S&P Global
A question often asked relevant to the conflict in Ukraine is whether the potential for an offensive cyber-attack by Russia against the US in response to economic sanctions and military aid would spur US-based companies that maintain critical infrastructure to invest more in cybersecurity.
-
DevSecOps: Application security tool use between development and information security nears parity
S&P Global Market Intelligence
A steady multi-year trend toward greater collaboration has reached near parity in tool usage between information security and application development.
-
Are there too many Security Vendors?
451 Research
With some suggestions that there are more than 1,200 vendors in the security space, and likely more if the tally of all the security vendors looked at by 451 Research's security analysts is taken, vendor saturation isn't a far-fetched notion. However, with only 7% of respondents to 451 Research's Voice of the Enterprise: Information Security, Organizational Dynamics study saying the number of vendors was 'very difficult to manage,' this problem may be somewhat overblown, at least from the…
With some suggestions that there are more than 1,200 vendors in the security space, and likely more if the tally of all the security vendors looked at by 451 Research's security analysts is taken, vendor saturation isn't a far-fetched notion. However, with only 7% of respondents to 451 Research's Voice of the Enterprise: Information Security, Organizational Dynamics study saying the number of vendors was 'very difficult to manage,' this problem may be somewhat overblown, at least from the perspective of the average enterprise security manager.
-
The Increasing Composition of Open Source in Apps, and One Big Breach, Drive SCA
451 Research
Software composition analysis (SCA) tools concern themselves with the identification of open source libraries and tools that have been built into or support an application, an identification that helps evaluate unpatched code, licensing issues and potential security vulnerabilities. The continued growth in the percentage of open source in newly created applications, and one big data breach, have led to a significant increase in the in-use percentage of SCA, according to 451’s Voice of the…
Software composition analysis (SCA) tools concern themselves with the identification of open source libraries and tools that have been built into or support an application, an identification that helps evaluate unpatched code, licensing issues and potential security vulnerabilities. The continued growth in the percentage of open source in newly created applications, and one big data breach, have led to a significant increase in the in-use percentage of SCA, according to 451’s Voice of the Enterprise, Information Security studies.
-
Designing a Modern Application Security Program
Synopsys
Application development has become the key differentiator for many organizations’ technology teams. The question is, how do information security teams support development teams with the tools needed to reduce vulnerabilities without interfering with developers’ delivery-oriented priorities?
-
Exploring Coordinated Disclosure, Shedding light on perceptions and experiences in how software vulnerabilities are reported
Veracode
The comfort level with the idea of third-party security testing, even unsolicited testing, among those who develop, support and secure applications suggests that such activities should be approached as a constant at this point, essentially both a cost of doing business when leveraging technology and an aspect of due care. Resisting third-party security reports appears to be a fool’s errand for organizations.
-
Application Security Shifts Left in System Development Lifecycle
451 Research
Application security is undergoing a necessary shift left in the system development lifecycle (SDLC), moving backward through the testing box and into the code creation one. This necessary change has crawled forward for years, but according to 451 Research's recent Voice of the Enterprise Information Security Vendor Evaluation study, has finally passed a tipping point. The reasoning was always clear – fixing a security vulnerability in software is at its lowest impact in cost and effort when it…
Application security is undergoing a necessary shift left in the system development lifecycle (SDLC), moving backward through the testing box and into the code creation one. This necessary change has crawled forward for years, but according to 451 Research's recent Voice of the Enterprise Information Security Vendor Evaluation study, has finally passed a tipping point. The reasoning was always clear – fixing a security vulnerability in software is at its lowest impact in cost and effort when it is fixed shortly after creation. Otherwise, it goes through other's hands, like testers, or in the worst case is exploited by an attacker in production.
-
The Security Skills Drought is a Constant; Start Designing Around It
451 Research
The percentage of organizations stating that they face a security skills shortage remains virtually unchanged from 2017 to 2018; thus, security vendors must stop simply acknowledging a shortage of security staff and start treating it as a constant to design around.
-
Compliance Comes Roaring Back With GDPR
451 Research
The goal of many leaders of security programs is to make producing proofs of compliance the output of an already effective security program and for a while, compliance-driven projects took a back seat to some manner of risk assessment, a holistic look at the impact and probability of potential security vulnerabilities in both an organization's processes and its technical infrastructure. Multiple indicators in the most recent VotE study indicate that such an approach will be subordinated for…
The goal of many leaders of security programs is to make producing proofs of compliance the output of an already effective security program and for a while, compliance-driven projects took a back seat to some manner of risk assessment, a holistic look at the impact and probability of potential security vulnerabilities in both an organization's processes and its technical infrastructure. Multiple indicators in the most recent VotE study indicate that such an approach will be subordinated for many organizations for at least a year. The breach notification timeline requirements, large potential fines and the need to inventory many forms of personal information that are part of GDPR's requirements have caught the attention of security managers whose business is in or touches the European market.
-
The rising tide of security budgets lifts all boats - but not in equal measure
451 Research
Security budgets are up, and last year's research on key projects in information security did not indicate a single technology where spending was decreasing in aggregate, even in long-tenured services. A rising tide lifts all boats, but that doesn't tell the entire story – one that sees underlying changes in the way technology services are delivered in general affecting where security spending is applied. 'Invisible infrastructure,' notably the move to hosted cloud, puts further pressure on…
Security budgets are up, and last year's research on key projects in information security did not indicate a single technology where spending was decreasing in aggregate, even in long-tenured services. A rising tide lifts all boats, but that doesn't tell the entire story – one that sees underlying changes in the way technology services are delivered in general affecting where security spending is applied. 'Invisible infrastructure,' notably the move to hosted cloud, puts further pressure on network security and hardware-delivered services while application security focus grows.
-
Lush Cosmetics Data Breach
ZDNet
Lush Cosmetics, a handmade cosmetics company headquartered in Poole, Dorset in the United Kingdom with some 600 locations around the world, has ostensibly been the âvictim of hackersâ according to a post on their UK version web site http://www.lush.co.uk/ yesterday. Details are in somewhat short supply, but according to the notice posted, there was a successful initial intrusion and repeated subsequent attempts at re-entry.
-
Discussing Gawker's Breach With Founder Nick Denton
Forbes
The article I wrote yesterday on the lessons of Gawker’s massive security breach spurred a number of reactions including one I was not quite expecting: an e-mail from Gawker Media founder Nick Denton.
-
The Real Lessons Of Gawker’s Security Mess
Forbes
Gossip site Gawker has experienced a large data breach whose scale fully came to light Sunday. The group that calls itself Gnosis claimed and provided evidence of responsibility, motivated in their words by Gawker’s arrogance in its previous dealings with members of the Internet board 4chan.
-
More Details Emerge On ‘Sextortion’ Hacker Suspect
Forbes
The hacker who allegedly victimized at least 186 women and 44 girls in a bizarre “sextortion” scheme and was arrested earlier this week following a two year investigation by the FBI is a Mexican national, a programmer, and a paraplegic due to a gang-related shooting, according to information released by the FBI Wednesday.
-
114,000 iPad Owners Might Get Spam
Forbes
By now you’ve read Gawker’s breathless reporting of how AT&T has exposed the e-mail addresses of 114,000 Apple iPad 3G owners, and seen the picture on their website demonstrating what that many records looks like printed out. Having a web response without any form of authentication reveal user e-mail addresses is negligent, don’t get me wrong. It just doesn’t rise to a level of hysteria depicted in some of the coverage thus far.
-
The Proliferation Of Scareware Hits Home
Forbes
The agitation in the voice on the phone shook me from sleep early Saturday morning: My Uncle the surgeon had a computer problem and he was concerned enough to call. He explained he had been trying to view pictures of a newly renovated base in South Korea when all of a sudden McAfee popped up and did a scan, revealing 28 viruses. But for some reason the new module McAfee wanted him to install wasn’t working because the site wouldn’t accept either of his credit card numbers.
Honors & Awards
-
PTG Technology Power Award
-
-
Pershing Leadership Award
-
-
Technical Managers Forum Award - Project Management
-
Recommendations received
47 people have recommended Daniel
Join now to viewMore activity by Daniel
-
I had the opportunity to sit down with Beth Pariseau on her IT Ops Query podcast to discuss what the results of our Voice of the Enterprise research…
I had the opportunity to sit down with Beth Pariseau on her IT Ops Query podcast to discuss what the results of our Voice of the Enterprise research…
Shared by Daniel Kennedy
-
Privileged identities challenge CISOs Managing privileged identities remains a headache for organizations’ security leaders — it is the top-cited…
Privileged identities challenge CISOs Managing privileged identities remains a headache for organizations’ security leaders — it is the top-cited…
Shared by Daniel Kennedy
Other similar profiles
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore MoreOthers named Daniel Kennedy in United States
-
Daniel Kennedy
-
Daniel Kennedy
Global President of Cloud Solutions and Innovation
-
Daniel Kennedy
Executive leader building a prosperous and equitable ecosystem based in Tech and Engineering | Let's talk!
-
Daniel Kennedy
923 others named Daniel Kennedy in United States are on LinkedIn
See others named Daniel Kennedy