Being an InfoSec Professional / Cybersecurity

The internet is not a highway, but security is like driving a car

I think it is safe to say that the internet is not an information superhighway anymore.  Maybe it was once, but now the interstates are threatening to become toll roads, the blue highways have sponsors and so many things are on the internet that if you do make a wrong turn you could literally end … Continue reading

Breach announcements / Cybersecurity

When is a breach notification not a breach notification?

In Memoriam Barnaby Jack.(1) When it’s an indictment, a settlement or an ethical hack.  It is interesting to note the difference between a breach notification press release (these are required by law, for example, for breaches of health care data affecting over 500 individuals) and the subsequent coverage and reports of indictments, settlements and ethical … Continue reading

Being an InfoSec Professional / Cybersecurity

The Winter of our discontent

Can information security professionals be satisfied? Ever?  Yes.  But should they be?  Ever wonder if Advanced Persistent Threats came into the world in part because the information security profession became more and more predictable?   Or worse: commoditized, as I will discuss below. Lately, as corporate web sites from multiple industries in virtually every continent are … Continue reading