Stuck in Traffic – The A&W Third Pounder

In the 1980s, A&W launched a third pounder hamburger. It failed, just like many infosec initiatives. Today, we look at what we can learn from A&W.

Watch more videos on my YouTube channel.

Right way to use a web application firewall: buy time to detect and respond to attacks.

Watch more videos on my YouTube channel.

What cholera outbreaks teach is about information security, and the dangers of being locked into mental models.

Watch more videos on my YouTube channel.

Where do you start a career in information security? As a app developer? A systems administrator? Or maybe as a network engineer?

Watch more videos on my YouTube channel.

So your security program slid back. Perhaps a key metric fell. Perhaps you fixed an audit finding in one year, only to have it reappear in the next. What a security leader does next matters. Here is what NOT to do.

Watch more videos on my YouTube channel.

You can’t just do the thing. I mean, you can. But how do you know if the thing got done? Stayed done? Gets done again?

Watch more videos on my YouTube channel.

Fonts. Strings. Packets. It’s always the pesky inputs getting us into trouble. Also, fun fact: my grandfather changed the family name in the 1920s out of security concerns over unicode.

Watch more videos on my YouTube channel.

The back of paintings tells is a lot. The same can be said of the backs of access cards and, really, any where people don’t often look.

Watch more videos on my YouTube channel.

When it comes to securing against a tactic, we have to keep the end in mind. That’s the way to identify effective controls. Otherwise, we can over engineer and end up with chocolate in our parfait.

Watch more videos on my YouTube channel.

Suppose I have a magic CD. Simply by inserting the disc into the car, I can steal any vehicle. Scary! Of course, I’d first need the car keys to start it and use the stereo. Hmm. Let’s use attack paths to create a sniff test for vulnerabilities.

Watch more videos on my YouTube channel.