Founded by Alex Holst, Holst Security has more and deeper experience with information security and business risk than do many in this part of the world.
First inspired by 1994’s “Firewalls and Internet Security,” Alex has worked virtually non-stop with numerous aspects of security: Incident response, disaster recovery & business continuity, configuration management, log analysis, application code review, system and network design.
Later came an interest for applying evidence-based risk management and working closely with top executives to enable organisations take full advantage of information technology.
In february 2002, when Microsoft stopped all production for two months to train their developers on security, Alex was already several years into experience with risk management, hardened operating systems, reduced attack surfaces and “secure features” over “features”.
Early experience with security standards BS7799 and DS484 then led to ISO 27001 as the internationally recognised means of implementing an information security management system.
The long path from technical security to executive sparring has enabled a sort of intuition about what methods work with people and which workflows or software is too complex to properly secure.
So what works? Executive mandate w/budgets. Structured approaches. Organisation-wide communication.