Being an InfoSec Professional / Cybersecurity / Data Science / Risk Management

People are hardly the weakest link in security

What started as a sales pitch turned into a slogan and is now axiomatic in some circles.  “Your people are the weakest link.”  More and more people are recognizing how wrong-headed that is but in the hopes of accelerating the demise of this phrase, let’s actually look at it. Consider the technical controls most organizations … Continue reading

Being an InfoSec Professional / Cybersecurity

The Engineers get busy: the Spectre/Meltdown patch roller coaster

The aspect of the latest Spectre/Meltdown vulnerability that interests me is not how wide-spread it might be.  Not that it is down below the OS level.  And while I am thankful I cannot find reports of it being exploited in the wild, not even that is what really interests me (though I am of course … Continue reading