I had the opportunity to spend a few days at a security conference last month, in which I talked with hundreds of people in the information security community about their fears, concerns, hopes, and plans. One thing that stood out to me was the sheer optimism and joy that most of the conference attendees brought with them. They were not there (only) for the swag or the cocktail hour or the chance to be away from their day jobs for a few days.
Passwords are the scourge of application security. Password reuse is rampant, data breaches compromising poorly stored passwords are common, passwords are difficult to remember and easy to crack, and password guidance is inconsistent.
Against all these odds, we put the responsibility of account security squarely on the shoulders of our users. We give them tools that will make them more secure but are difficult to use, like Multi-Factor Authentication and Password Managers.
I really appreciate the efforts that Apple has made to protect the privacy of their users. In my mind this does two things. First, it offers a model of competition where other companies can see Apple’s success in protecting data while providing competing features. Second, it gives customers an option to “un-subsidize” the common advertising and data-as-currency model for cheap devices.
The problematic component of this is that we could end up with a two-tier privacy model whereby an individual can maintain the privacy of their data and self only if they are able to pay for it.
“Where to begin” is a common question we hear in security. Our clients will come to us and ask what they should do next in terms of security. What’s their next step? What will make the biggest impact, or what’s the best value for their investment?
As we kick off this new newsletter and website, I find myself asking the same question. Where to begin?
When I work with our clients, the first questions we gravitate toward are about understanding their goals.
Joe and I created this website and newsletter to help you do your job better, and in so doing, make the world a better place for all of us to live in. We want to share with you what we see in the security industry, and in the world at large, through the lens of two security professionals who have been at this for a very long time. We have been thinking about security, finding and exploiting vulnerabilities, writing interesting code, managing teams of engineers, and helping our customers (large and small) up their game for over twenty years each.