Being an InfoSec Professional / Cybersecurity

A change is gonna come

This will start with the first law of thermodynamics and end up with change management.  All the while, we will keep information security in focus. So, simply put, the first law of thermodynamics says that the amount of energy in a closed system cannot be increased or decreased.   If we substitute “effectiveness of security controls” … Continue reading

Being an InfoSec Professional / Cybersecurity

Why isn’t this blog more technical

I am getting a fair amount of questions (which is blogger speak for the more introspective “I keep asking myself”): why isn’t this blog more technical?  Why aren’t I persistently advancing threads about advanced persistent threats?  Am I intentionally filtering out packet filter discussions? (note to self: do not turn into cyber security’s answer to … Continue reading

Being an InfoSec Professional / Cybersecurity

The Winter of our discontent

Can information security professionals be satisfied? Ever?  Yes.  But should they be?  Ever wonder if Advanced Persistent Threats came into the world in part because the information security profession became more and more predictable?   Or worse: commoditized, as I will discuss below. Lately, as corporate web sites from multiple industries in virtually every continent are … Continue reading

Being an InfoSec Professional

Cyber Security professionals need to help stop cyberbullying

Protecting data confidentiality, integrity and availability are not enough. We also must promote the ethical use of cyber space.  And that starts by making sure it is not a place where anyone, especially children, can be harmed and exploited. An organization in Ireland does a great job of promoting this important effort: http://www.stopcyberbullies.ie/ Continue reading