Spiderlabs, Verizon, and You
Trustwave’s Spiderlabs issued their annual report of their work efforts in the last year; 220 data breach investigations and more than 2,300 penetration tests. They were kind enough to share […]
Category Archives: Information Security
Secrets, Wikileaks, and Hacktivism
Current events have put into keen focus the balancing act between privacy, data controls, the reason secrets are kept, and ethics. So if you haven’t had an interest in Wikileaks, […]
Threats, Threat Modeling and Analysis
This is a super high level presentation about basic threat modeling, SDL, and why a proactive stance is better than a reactive. I thought that it was fun. Threats, Threat […]
The Art of Keeping Things Done
The current field of information security is largely one of arcana, vagueness, arbitrary views, philosophy, mountaintop sages, a general lack of reliable data, and legions of vendors selling “best practices.” […]
The Politics of Respect
There is a lot of perennial talk of social engineering and direct project/resource management. Attempts to solve complicated political situations with manipulation or a slick widget tend not to work […]
Specialists, Generalists, Incompetence, and Cognitive Bias
I wanted to continue a bit where I left off with a non-technical explanation of what people such as myself do and my commentary on evolving technology management. Here is […]
Agile Infosec
This is a reprint of my comment to a Joshua Corman’s posting on The Fudsec Blog. Consider going there to read his article and the discussion that followed. I can’t […]
