Being an InfoSec Professional / Cybersecurity / Privacy

Awareness training always has an attitude

A lot depends on why you think you’re training people.  That motivation comes through in the attitude.  And that attitude has a lot to do with how successful the training is.  By my estimate, there are any number of nuanced attitudes but they more or less gravitate to one of three motives: We’re training you … Continue reading

Depends what you mean by “guest” and other musings about WiFi
Being an InfoSec Professional / Cybersecurity

Depends what you mean by “guest” and other musings about WiFi

This is not primarily about the security of attaching to a wireless access point (WAP).   But since communication is a two way affair, let’s start with the endpoints and get them out of the way: You are more likely to have your purse snatched at a train station than in your living room.  And the … Continue reading

Being an InfoSec Professional / Cybersecurity / Links

Misuse of the word “firewall”

Political reporters/analysts have taken to using the word “firewall”.  To which we as cybersec geeks can only respond “huh”? To be bi-partisan about it, I provide two examples. Writing about the South Carolina Democratic Party primary, CNN says “At the heart of Clinton’s strategy to sew up the Democratic nomination is the notion that minority … Continue reading

Being an InfoSec Professional / Cybersecurity

The “Big” Risk Transfer

There is time between those risk management milestones.   During that time, risk is in limbo.   During that limbo, it’s the CISO that owns the risk.  Orchestrating the transfer of risk to the appropriate risk owner is one of the most under appreciated things that a CISO does. Here’s a hypothetical example: let’s say that there … Continue reading

Breach announcements / Cybersecurity

EVERYONE’S WHITEPAPER…ever. A how-to.

Sample (analysis follows): The cyber security threat landscape is awash in an ever changing fabric of “slings and arrows”.  It’s not just a matter of “if” script kiddies will attack the enterprise but “when” nation states.  And big, big breaches. Before the 20th century, there are only two recorded Denial of Service attacks: the burning … Continue reading