Writing


Security Blog

  • Infosec – Failing or Succeeding?

    Noam Eppel from Vivica contends that Information Security is a complete failure, citing alarming statistics on security breaches and cybercrime. While his article highlights the risks, many dissent from his conclusion, considering it a collection of gloomy statistics often seen in security vendor pitches.

  • False Positives

    During my morning commute, I encountered an interesting flaw in an alerting system. My car’s weight sensor triggers an alarm if it detects a possible passenger without a seatbelt. However, this car’s system escalates from a dinging sound to a rapid alarm. My immediate thought was to disable the alarm, highlighting a common security system…

  • Sledgehammers

    Achieving perfect data security involves elaborate measures such as encryption, one-time passwords, asymmetric identifiers, and physical access controls. However, the ultimate level of security must align with the data’s value and potential threats, avoiding the extreme sledgehammer argument while striking a balance in risk management.

  • Usenix Security Symposium

    The upcoming USENIX security symposium in Vancouver during the first week of August promises an impressive lineup of invited talks. While I may not attend, I highly recommend catching Matt Blaze’s presentation on wiretapping, previously acclaimed as one of the most exceptional research talks at ICNS 2006.

  • Pseudonymity

    Pseudonymity refers to adopting a semi-permanent, yet incomplete or false identity, commonly observed in online communities. It allows individuals to use distinctive pseudonyms to establish their unique presence while avoiding full anonymity. This practice fosters better community engagement by promoting courteous interactions. However, the challenge lies in identifying instances where a single person assumes multiple…

  • Disclosure Laws

    During a recent conference, a panelist expressed their belief that the California Disclosure Law (SB-1386) was an exceedingly inadequate information security regulation. However, I hold a different perspective. In my view, SB-1386 stands as the epitome of information security regulations, surpassing even the esteemed GLBA. While most regulations focus on prescribing specific controls for safeguarding…


Leadership Newsletter

  • The Case of the Missing Tupperware

    Tunde Oyeneyin asks, “Who’s to blame?” Before I dive into the scenario, a caveat: it’s an inane story, about two friends and a misplaced borrowed dish. But fitness instructors have to share a lot of inane stories, to fill the airtime while telling people to lift weights, cycle, run, or row. We expect it. There’s …

  • Shadows on the Wall

    This newsletter is not about Mike Vrabel and Dianna Russini. That situation is the candle, and this newsletter is about the shadow play on the walls, and what that story says about us. If you don’t know what I’m talking about, very briefly: Mike Vrabel is the head coach of the New England Patriots, and …

  • I’m a Hall of Fame Voter. Here’s how I vote.

    I just submitted my votes for the Hall of Fame. Not the Pro Football Hall of Fame, which is all over the news (and discussed below, read on!), but the CSO Hall of Fame. It’s an honor to be a judge, participating in curating membership in an elite institution, but it’s also a hard responsibility.


Fiction

  • Jumper

    “Did you ever want children, Ms. Well?” Amanda paused at that question. It had been a weird interview – not many job interviews involved a therapy session, but apparently casinos did care about how well-balanced their security staff were – but this almost pushed her buttons. Taking a deep breath before answering, she considered her …


  • Skeleton

    A necromancer and an Olympic event


  • Albus Dumbledore and the Rituals of Immortality

    The words that didn’t make the Harry Potter septology that fill in the blanks for what’s really going on.