Being an InfoSec Professional / Cybersecurity

The internet is not a highway, but security is like driving a car

I think it is safe to say that the internet is not an information superhighway anymore.  Maybe it was once, but now the interstates are threatening to become toll roads, the blue highways have sponsors and so many things are on the internet that if you do make a wrong turn you could literally end … Continue reading

Breach announcements / Cybersecurity

EVERYONE’S WHITEPAPER…ever. A how-to.

Sample (analysis follows): The cyber security threat landscape is awash in an ever changing fabric of “slings and arrows”.  It’s not just a matter of “if” script kiddies will attack the enterprise but “when” nation states.  And big, big breaches. Before the 20th century, there are only two recorded Denial of Service attacks: the burning … Continue reading

Being an InfoSec Professional / Cybersecurity

I’m certain that too much certainty is certain failure

I’ve extolled the virtues of false positives before.  Talking about the Boy Who Cried Wolf, I’ve pointed out that the villagers who chose to ignore his false alarms rather than correct his behavior or replace him were taking an unnecessary risk.  The story and a pack of wolves bear me out on this. I still … Continue reading

Being an InfoSec Professional / Cybersecurity / Privacy

Security and Privacy walk into a bar…

There can be no question that Security and Privacy are strongly related.  It would be easier if they were the same thing.  But they’re not, of course; there are differences.   This blog has never shied away from stating the obvious. This post tries to enumerate the significant differences between privacy and security: I.                    They come … Continue reading

Being an InfoSec Professional / Cybersecurity

In Defense of Compliance

We read it everywhere: “compliance is not enough”.  “Security must be more than compliance.”  Granted.  When the phrase “checking the box” only means working from a compliance checklist and never looking at how your servers are configured, you are vulnerable. When security professionals point this out, they are responding to the well intentioned attitude of … Continue reading