Category: deep thoughts

Make your near misses count

Security near misses are opportunities for learning and improvement, but when they are ignored, they can play a role in setting the stage for serious incidents. Use them wisely!

Hunting for secrets on GitHub

We need to work with system designers and developers to make them understand that using a secure credential vault with programmatic access is not an optional luxury – it is a basic security requirement. Credentials do not belong in code, even if that code is stored in a safe inside a vault inside a volcano.

Another killer woodpecker

Way back in 1977, a computer scientist from the University of Nebraska coined “Weinberg’s law”: If builders built buildings the way programmers wrote programs, then…

Malware protection is easy – Malinformation protection is hard

Whenever it seems like the challenges of protecting my employer from risks to information security or business continuity are towering above me, I stop and…

Too much information?

An interesting piece in the Harvard Business Review highlights one of the challenges information security professionals face when dealing with security awareness; we actively…

Boredom and security

We security management types would like to think that every task we give our minions is exciting and engaging. However, there are lots of security…

Can experience be a hindrance in making security decisions?

Some interesting insight from the Harvard Business Review’s January 2020 IdeaWatch section: A study looked at how people react to information which indicates that a…

Deepfakes – Welcome to the post truth society

I recently watched the New York Times’ Weekly episode “Deepfakes – Believe at Your Own Risk” and while I have been concerned about the implications…

Something about (Japanese) foxes and hen houses

Not strictly a security story, but interesting and alarming… Japanese authorities have decided that: It is permissible to make contributions to politicians using cryptocurrencies like…

Naming and shaming

So here’s a bit of an odd story… according to the Financial Times, the US Federal Reserve has publicly sanctioned an ex-employee of a…
