Category: deep thoughts

Leaking company secrets via generative AIs like ChatGPT

For a third party, knowing what people from company X are asking of ChatGPT (or any other generative AI) could be quite interesting and profitable…

Vulnerability management – we’re doing it wrong

Security professionals (and the people who measure our performance like auditors and regulators) have traditionally taken a stance that “all serious vulnerabilities should be patched”…

Make your near misses count

Security near misses are opportunities for learning and improvement, but when they are ignored, they can play a role in setting the stage for serious incidents. Use them wisely!

Hunting for secrets on GitHub

We need to work with system designers and developers to make them understand that using a secure credential vault with programmatic access is not an optional luxury – it is a basic security requirement. Credentials do not belong in code, even if that code is stored in a safe inside a vault inside a volcano.

Another killer woodpecker

Way back in 1977, a computer scientist from the University of Nebraska coined “Weinberg’s law:” If builders built buildings the way programmers wrote programs, then…

Malware protection is easy – Malinformation protection is hard

Whenever it seems like the challenges of protecting my employer from risks to information security or business continuity are towering above me, I stop and…

Too much information?

An interesting piece in the Harvard Business Review highlights one of the challenges information security professionals face when dealing with security awareness; we actively…

Boredom and security

We security management types would like to think that every task we give our minions is exciting and engaging. However, there are lots of security…

Can experience be a hindrance in making security decisions?

Some interesting insight from the Harvard Business Review’s January 2020 IdeaWatch section: A study looked at how people react to information which indicates that a…

Deepfakes – Welcome to the post truth society

I recently watched the New York Times’ Weekly episode “Deepfakes – Believe at Your Own Risk” and while I have been concerned about the implications…
