You’re Fired – Cybersecurity Apprentice

You’re fired. No, this isn’t about a politician’s catchphrase. It’s actually something I overheard at a conference last year. I was listening to two people sitting near me talk about a security incident that had happened at the woman’s company. “He should be fired,” was the other person’s immediate response. This makes me wonder if […]

Security Awareness Training, Now With Personality!

I had the opportunity a couple of months ago to meet Kevin Finke at a conference. Kevin isn’t a security guy, he’s a self-described design nerd. But Kevin has changed the way I look at my security awareness program. We talk a lot about how we need to “revolutionize” our security awareness programs, but […]

The Next Generation of Security Professionals

Yes…that’s me and my wife, hanging out with Geordi La Forge (LeVar Burton), Dr. Beverly Crusher (Gates McFadden), and Mr. Data (Brent Spiner). Trek yourself before you wreck yourself. In The War of Art, Steven Pressfield says that the difference between an amateur and a professional is that the professional has a plan. According to CSO […]

Unsolicited Advice For Solicitors

“These are the new leads. These are the Glengarry leads. And to you they’re gold, and you don’t get them. Why? Because to give them to you is just throwing them away. They’re for closers.” –Glengarry Glen Ross This past week I got around 70 cold calls or emails from vendors I’ve never worked with […]

Pick Up Lines Vs. Social Engineering

One of my favorite pickup lines goes like this…have a girl feel the cuff of your jacket or shirt. Ask her, “Do you know what kind of material this is?” And when she says no, tell her “boyfriend” material. Here’s a thought exercise. (Disclaimer, I could be totally wrong. Also, I’ve never used a pick […]

Herd Immunity & Information Sharing In Cybersecurity

As I raise my child, I’m continually amazed at how fragile we are as a species. What’s more, how do animals survive in the wild? Not only do herds of giraffes or antelope have to face illnesses, they have to fight off large predators. We’re in a similar situation with cybersecurity. Hackers act in a […]

Show Me the Money: Incentivizing Cybersecurity

What I’m about to tell you, it’s a very personal, a very important thing. Hell, it’s a family motto. Are you ready? Here it is: Show me the money. SHOW! ME! THE! MONEY! A core principle of nearly every business in the world is that they incentivize great performance. This might be a monetary bonus […]

Cybersecurity’s Happy Gilmore Problem

People, processes, and technology are the three parts of every security program. Sometimes, people make the mistake of believing that technology is the biggest or most important part. It isn’t. It might be the easiest part, since you can make quick changes to technology and buy new things to instantly improve it. But the biggest […]

Between The Keyboard And The Chair

I have a lot of respect for people who work at a help desk. When I was right out of college, I got a job at a call center. I had to take an average of one call every 4 minutes. That means I talked to 120 people every day on average, and a lot […]

The Strongest Element

In Cybersecurity we refer to employees as the Human Element. We generally call the Human Element the weakest link in Cybersecurity. It’s easy to see the logic in this, but unfortunately for many of us, this is wrong. Humans are the Strongest Element in Cybersecurity. Sure, humans are the ones that make the mistakes. They […]

Privacy, Customs, and You

If you are travelling to Mexico and you are a technophile, good news! The 9th Circuit now says that Customs agents no longer have carte blanche to search your devices. See more from the Wired article: http://www.wired.com/threatlevel/2013/03/gadget-border-searches/ The 9th Circuit decision has an impact on border crossings into California and Arizona. That doesn’t mean that […]

Crimesourcing

Imagine a world where criminals used sophisticated networks of middlemen. Transactions between pawns were untraceable. All using the power of something called, the Internet. And people wonder why I say that the law is having a hard time keeping up with technology. The article gives a great overview of the developments in cybercrime over the […]

What Would Jesus Hack

Interesting article in the Economist about the connection between Christian values and the values of the Hacker/Open Source Community: http://www.economist.com/node/21527031

What has Al Franken done for me lately, Part 1

In February of this year, the Senate Judiciary Committee voted to form a new sub-committee on Privacy, Technology, and the Law. They chose my favorite Senator, Al Franken, to chair the new group. After I heard about this new committee’s formation back in February (Feb 14), they kinda went radio silent for a few months, […]

2011 US Information Security Related Measures

So far, in the first 6 months of 2011, there have been 9 different Information Security related proposals put forward by different Senators that would create new laws or reform existing ones. February 20 2011 – Rep. Rush (D-Ill) reintroduces BEST PRACTICES Act April 7 – SEC Regulation S-P mandates that financial firms safeguard confidential […]

Sony PSN Breach

One of the reasons I decided to start an Information Security blog is that after researching some of the issues around the Sony PlayStation Network Breach that occurred in April I was left with more questions than answers. One of the things that I’ve noted is that there are very few blogs out there that deal […]