A lot depends on why you think you’re training people. That motivation comes through in the attitude. And that attitude has a lot to do with how successful the training is. By my estimate, there are any number of nuanced attitudes but they more or less gravitate to one of three motives: We’re training you … Continue reading
Author Archives: David Sheidlower
Depends what you mean by “guest” and other musings about WiFi
This is not primarily about the security of attaching to a wireless access point (WAP). But since communication is a two way affair, let’s start with the endpoints and get them out of the way: You are more likely to have your purse snatched at a train station than in your living room. And the … Continue reading
The CISO’s Oxymoron
Is there such a thing as a “hands off CISO”? No. There is no such thing. In the debate around what the CISO does and does not do, what they are and they aren’t, there is no room for a choice between “hands on” and “hands off.” This is isn’t an issue of who punches … Continue reading
The internet is not a highway, but security is like driving a car
I think it is safe to say that the internet is not an information superhighway anymore. Maybe it was once, but now the interstates are threatening to become toll roads, the blue highways have sponsors and so many things are on the internet that if you do make a wrong turn you could literally end … Continue reading
Misuse of the word “firewall”
Political reporters/analysts have taken to using the word “firewall”. To which we as cybersec geeks can only respond “huh”? To be bi-partisan about it, I provide two examples. Writing about the South Carolina Democratic Party primary, CNN says “At the heart of Clinton’s strategy to sew up the Democratic nomination is the notion that minority … Continue reading
The “Big” Risk Transfer
There is time between those risk management milestones. During that time, risk is in limbo. During that limbo, it’s the CISO that owns the risk. Orchestrating the transfer of risk to the appropriate risk owner is one of the most under appreciated things that a CISO does. Here’s a hypothetical example: let’s say that there … Continue reading
When is a breach notification not a breach notification (part three)?
When it is presidential primary news. When the “family feud” is more newsworthy than the data. When there are no less than four parties involved who one can identify as data custodians of one kind or another. In a single sentence, the incident can be described as follows (the four data custodians are numbered in … Continue reading
I am not a number, I am a data point
Identity has changed. The post-World War II generation was concerned about being identified as a number. The sight of emaciated humans with identifying numbers tattooed on their inner forearms made this very real and very scary. By the late 1960’s the TV show The Prisoner portrayed the hero objecting on a regular basis: “I am … Continue reading
Big Data ebook free to download
this ebook is free to view or download. A humanistic look at Big Data, aggregation and how a data-centric view of the world is changing our relationship to our identities and the groups we belong to. click below (left to look/right to receive) to view or download: Big Data- slipping its moorings Continue reading
The hack that maybe wasn’t: Ashley Madison
In the world of on-line romance and breach notifications, the Ashley Madison hack is unique. Usually, on-line romance crimes involve fraud. Law enforcement officials report that on-line romance fraud is under-reported because the victims are too embarrassed to admit they were duped. They do not want to go through the humiliation of having a detective … Continue reading
{Cyber Security} 