How do you know what security technologies we need to buy? How do we know when to buy them? And how can we demonstrate sustainability? That’s my riff for this morning.
Watch more videos on my YouTube channel.
Archive for March, 2016
Stuck in Traffic – Flash Exploit Kits
Posted byFollowing the attack path of a Flash exploit kit, adding controls and countermeasures along the way.
Watch more videos on my YouTube channel.
Stuck in Traffic – .edu
Posted bySymantec’s 2015 Internet Security Threat Report ranked higher education in third place for criminals’ favorite targets. Let’s run down the reasons why .edu is a target and has a unique security posture.
Watch more videos on my YouTube channel.
Stuck in Traffic – Collaborating
Posted byThe ideal security function is setup to reduce the most risk at the least amount of effort. It is easier to give a communications team a security message than it is to build a communications team with a security function. So why don’t we collaborate more with other teams?
Watch more videos on my YouTube channel.
Stuck in Traffic – Parking
Posted byThoughts on parking security while parking. Today, a very meta video.
Watch more videos on my YouTube channel.
Stuck in Traffic – Training and Culture
Posted bySecurity awareness is related to but separate from security culture. Training is related to but separate from behavior. Organizations need both.
Watch more videos on my YouTube channel.
Stuck in Traffic – Waze like Indicators
Posted byPlease don’t use IP addresses as indicators of compromise. Don’t use domain names. Don’t use hashes. These are easy for a criminal to change. What we need is the things that are hard to change, like tools and tactics. And in a dream world? Delivered by something like Waze.
Watch more videos on my YouTube channel.
Stuck in Traffic – Work that looks like Work
Posted byWhen work looks like work, work gets done. There’s a psychological reason for this: we are hardwired for the familiar. So here’s a couple ways to leverage this wiring with management, IT, and developers.
Watch more videos on my YouTube channel.
Stuck in Traffic – Jenkins
Posted byNew feature! Launch calculator from Jenkins. Huzzah! Two lessons learned from this week’s Jenkins vuln announcement.
Watch more videos on my YouTube channel.
Stuck in Traffic – Raising the adversaries costs
Posted byTalent shortage not only affects us, it also is affecting the criminals. New technology nog only takes us time to fund and install, it takes criminals time to fund bypasses and exploits. The trick is raising their costs disproportionally to raising our own.
Watch more videos on my YouTube channel.