(Full disclosure: This article firmly plays to my personal skill sets and career progression. Wherever possible, I have attempted to correct for my own bias.) There has been a great deal of swirl lately regarding the topic of Chief Information Security Officers and what skills [...]
I have recently attended a number of information security presentations. I honestly admire a presenter’s willingness to state a position in a public construct, regardless of whether I agree or disagree with the position or contents of the presentation. I will be honest… I have [...]
Why do we continually blame the “user” for a lack of security awareness? Coming back from one of the most successful information security conferences in quite some time, it was difficult (but not impossible) to find something that needed improvement. I was confused and disappointed [...]
This afternoon, the hacking collective known as Lulzsec announced that, after 50 days of lulz, they were hanging up their boots. In many respects, the decision would almost guarantee that the organization would vanish, despite attempts to identify or apprehend the members. Many people [...]
Today, I am going to switch gears a little bit regarding my blog entries, and take a look at vulnerability scanners from an end-user perspective. As you are no doubt aware, there are several to choose from. Rather than pander to a specific product, [...]
This morning, I was listening to the Social-Engineer.org podcast with a special interview with Kevin Mitnick. It has been suggested that I was trolling Kevin, that I had a personal problem with Kevin, or that I hated Kevin and/or was jealous of him. This is [...]
As security practitioners, we are used to the notion of keeping our heads barely above water. Information Security is a thankless game, where our greatest success is when we remain at zero. If we succeed (or are succeeding), nobody notices. If we fail, everybody sees [...]