Current events have put into keen focus the balancing act between privacy, data controls, the reason secrets are kept, and ethics.
So if you haven’t had an interest in Wikileaks, related individuals, the classified information that was leaked to them, and the people that did it, let’s get you caught up.
First, I would suggest [...]
This is a super high level presentation about basic threat modeling, SDL, and why a proactive stance is better than a reactive one. I thought that it was fun.
Threats, Threat Modeling and Analysis
I’ve had even less time to myself than usual lately so let me apologize in advance for not separating and expanding on [...]
The current field of information security is largely one of arcana, vagueness, arbitrary views, philosophy, mountaintop sages, a general lack of reliable data, and legions of vendors selling “best practices.”
It was my hope that I could help out a little by giving a talk on my take of how our industry can best navigate [...]
There is a lot of perennial talk of social engineering and direct project/resource management. Attempts to solve complicated political situations with manipulation or a slick widget tend not to work very well over time. They are not addressing the underlying issue.
The wedge of compliance or a mandate from a framework may get some [...]
I wanted to continue a bit where I left off with a non-technical explanation of what people such as myself do and my commentary on evolving technology management.
Here is the abstract from Unskilled and Unaware of It: How Difficulties in Recognizing One’s Own Incompetence Lead to Inflated Self-Assessments (Justin Kruger and David Dunning, Department [...]