Good morning 2011
It felt good. I took the last two weeks of 2011 and took a hiatus from Twitter, I tried to stop reading security stories and I generally just stayed away from my home office and computer whenever I...
View Article2011 Social Security Awards
I am so behind on my blogging it’s not funny. I was supposed to say something about the 2011 Social Security Awards a couple of weeks ago, but between running around the country and writing long,...
View ArticleNetwork Security Podcast, Episode 243
We blame Rafal Los for this week’s podcast. He was looking for someone to host a discussion on which is easier to learn, the business side of the business or the security side of the business. And...
View ArticleNew to Security? Get on Twitter
It’s not uncommon for me to get questions from aspiring security professionals asking, “What should I be doing to break into security? How can I learn more about security?” More and more, my answer...
View ArticleFundamental flaw in thinking: We’re responsible
Over the last few months I’ve come to the conclusion that we’re doing security wrong. Not the day to day details, though we’ve gotten a lot of that wrong as well. I mean we’ve gotten the big picture...
View ArticleHoping to affect change at the ISC2
It might just be a pipe dream to hope that these folks can make any significant change at the ISC2, but the fact that they’re trying is more than I’ve ever done. Which is why I’m hoping you’ll throw a...
View ArticleOpen Tabs 11/03/11
This week’s podcast conversation with HD Moore and Josh Corman was a good thing. Getting the ideas of “HD Moore’s Law“, the security poverty line and security debt out there so other people can beat...
View ArticleWhy are we talking philosophy instead of technology?
A friend of mine recently complained in Twitter that, according to his count, nearly 80% of all talks given at the security conferences he’d looked at recently were now non-technical. It might be in...
View ArticleNotes from SOURCE Seattle
I got to attend my first SOURCE event last week, thanks to a lucky confluence of events which freed up my time. Mainly, I didn’t have to go to the PCI Council’s Community Meeting and was able to take...
View ArticleNetwork Security Podcast, Episode 291
This week’s show went a little long, as all three of us had a lot to say on the stories we covered. We also spent more than a few minutes at the beginning of the show talking about some of the...
View ArticleCan DevOps become SecOps?
This is an incomplete thought. This week I saw Gene Kim give his talk on DevOps and The Phoenix Project for the first time. I’d read the book and loved it, but I’d never seen Gene put life into the...
View ArticleUsing the Secret Weapon
I’m not the most organized person in the world; I never have been and I never will be. But I’ve usually been able to keep a modicum of organization in my life by using pen and paper and a notebook....
View ArticleSecurity in popular culture
One of the shows I’ve started watching since coming to the UK is called “QI XL“. It’s a quiz show/comedy hour hosted by Stephen Fry where he asks trivia questions of people who I assume are...
View ArticleTwitter spam filters overloaded
I believe the Twitter spam filters are currently overloaded or at least someone’s figure out a way around them. In the last 72 hours, I’ve gotten more twitter followers than I normally get in a three...
View ArticleIs pay rising with demand in security?
If you follow me on twitter, you know I like to throw out questions occasionally just to stir things up. On Friday I asked the following question about jobs in the security realm: We keep hearing...
View Article“All we need to do is …. redo everything”
I love listening to idealists. In fact, I’d be one if it wasn’t for the crushing despair and cynicism that working in the security profession has instilled in me. Or maybe I work in this field...
View Article
More Pages to Explore .....