Being an InfoSec Professional / Cybersecurity / Data Science / Risk Management

People are hardly the weakest link in security

What started as a sales pitch turned into a slogan and is now axiomatic in some circles. “Your people are the weakest link.” More and more people are recognizing how wrong-headed that is, but in the hopes of accelerating the demise of this phrase, let’s actually look at it. Consider the technical controls most organizations … Continue reading

Being an InfoSec Professional / Cybersecurity

The Engineers get busy: the Spectre/Meltdown patch roller coaster

The aspect of the latest Spectre/Meltdown vulnerability that interests me is not how widespread it might be. Not that it is down below the OS level. And while I am thankful I cannot find reports of it being exploited in the wild, not even that is what really interests me (though I am of course … Continue reading

Being an InfoSec Professional / Breach announcements / Cybersecurity

A recent REALLY BIG breach: reporting relationships and college degrees

We are somehow hearing about what the Equifax CISO studied in college and not about when the firm’s last pen test was. We are hearing about how heads rolled at Equifax but not if the reporting relationship between IT and Security has been revised. Since the interim CISO seems to be reporting to the interim … Continue reading