What is, in your opinion, the biggest challenge in protecting sensitive information at the enterprise level?
The overwhelming flood of patches to fix vulnerabilities is very difficult to deal with. We actually have data glut, with a constant flow of vulnerability notices, threat indications, attack detection, and so on. It's hard keeping up with all of this information, and figuring out what is really important.
What are your future plans? Any exciting new projects?
I'm working on another book. This next tome will be more focused on specific attacks than the last one. I'm pretty excited about it.
Additionally, I write monthly "Crack the Hacker" challenges to test readers' knowledge of handling various computer attack scenarios. I write up a scenario based on some movie theme, and pose various questions at the end. So far, I've written Spider-Hack, Hack to the Future, How the Grinch Hacked Christmas, and many others. They are located at counterhack.net.