Category: Opinion

  • Elastic Permissions

    Over the past two years my colleagues and friends have heard me talk about Elastic Permissions, and at some point I started hearing other people mention the term (yay for planting the seeds through consistently using a new term…). So I figured – for the sake of clarity, let’s put this out there for posterity.…

  • Incentives and metrics

    “you have to be very careful of what you incent people to do, because various incentive structures create all sorts of consequences that you can’t anticipate” – Steve Jobs. Observation 1: As more companies are enforcing a work from home (WFH) policy these days, a new trend is starting to emerge. I’ve already observed at least…

  • The Product Versus Skill Pendulum In Security And The Need For Better Solutions

    This post was originally published on Forbes. Security used to be easy – a fairly binary condition over whether you are protected or not, whether you are patched or not, or whether the port is accessible to outside IP addresses or not. And then came complexity: overlaying different aspects of vulnerabilities, factoring in application issues, platform bugs,…

  • Trust-Building For Security

    This post was originally published on Forbes. Trust is a fickle thing. And, weirdly enough, the basic assumption of a lot of security practices seems to include a certain level of trust in users that is pretty hard to justify these days. This is why we see so many successful breaches that can be traced…

  • Why You Should Go Beyond The Typical Penetration Test

    This post was originally published on Forbes. If you’ve ever run across a penetration test report, they usually look bleak. I should know; I’ve authored hundreds of them. By their very nature, they try to focus on the most egregious security issues within a system or network. Having an understanding of how an actual adversary…