Tag: security

  • The Product Versus Skill Pendulum In Security And The Need For Better Solutions

    This post was originally published on Forbes. Security used to be easy: a fairly binary condition over whether you are protected or not, whether you are patched or not, or whether the port is accessible to outside IP addresses or not. And then came complexity: overlaying different aspects of vulnerabilities, factoring in application issues, platform bugs,…

  • Trust-Building For Security

    This post was originally published on Forbes. Trust is a fickle thing. And, weirdly enough, the basic assumption of a lot of security practices seems to include a certain level of trust in users that is pretty hard to justify these days. This is why we see so many successful breaches that can be traced…

  • Why You Should Go Beyond The Typical Penetration Test

    This post was originally published on Forbes. If you’ve ever run across a penetration test report, they usually look bleak. I should know; I’ve authored hundreds of them. By their very nature, they try to focus on the most egregious security issues within a system or network. Having an understanding of how an actual adversary…

  • Two Frameworks For Securing A Decentralized Enterprise

    This post was originally published on Forbes. Many modern enterprises no longer operate in a highly centralized manner. Traditionally, cybersecurity in enterprise environments consisted of defining trust boundaries, placing controls over these boundaries, setting standards and policies for the safe and secure handling of data, enforcing said policies and scrutinizing any code/applications that were developed…

  • “To the full extent of their capabilities”

    Took me a while to clear up time and read Dave Aitel’s post on his experience with the NSA as compared to the interview that Edward Snowden did with James Bamford of Wired. Make sure you do too, and then come back here for a quick reality adjustment. So, just to set things straight: I…