Security Blog

  • Infosec – Failing or Succeeding?
    Infosec – Failing or Succeeding?

    Noam Eppel from Vivica contends that Information Security is a complete failure, citing alarming statistics on security breaches and cybercrime. While his article highlights the risks, many dissent from his conclusion, considering it a collection of gloomy statistics often seen in security vendor pitches.

  • False Positives
    False Positives

    During my morning commute, I encountered an interesting flaw in an alerting system. My car’s weight sensor triggers an alarm if it detects a possible passenger without a seatbelt. However, this car’s system escalates from a dinging sound to a rapid alarm. My immediate thought was to disable the alarm, highlighting a common security system…

  • Sledgehammers

    Achieving perfect data security involves elaborate measures such as encryption, one-time passwords, asymmetric identifiers, and physical access controls. However, the ultimate level of security must align with the data’s value and potential threats, avoiding the extreme sledgehammer argument while striking a balance in risk management.

  • Pseudonymity

    Pseudonymity refers to adopting a semi-permanent, yet incomplete or false identity, commonly observed in online communities. It allows individuals to use distinctive pseudonyms to establish their unique presence while avoiding full anonymity. This practice fosters better community engagement by promoting courteous interactions. However, the challenge lies in identifying instances where a single person assumes multiple…

  • Usenix Security Symposium
    Usenix Security Symposium

    The upcoming USENIX security symposium in Vancouver during the first week of August promises an impressive lineup of invited talks. While I may not attend, I highly recommend catching Matt Blaze’s presentation on wiretapping, previously acclaimed as one of the most exceptional research talks at ICNS 2006.

  • Disclosure Laws
    Disclosure Laws

    During a recent conference, a panelist expressed their belief that the California Disclosure Law (SB-1386) was an exceedingly inadequate information security regulation. However, I hold a different perspective. In my view, SB-1386 stands as the epitome of information security regulations, surpassing even the esteemed GLBA. While most regulations focus on prescribing specific controls for safeguarding…

Leadership Newsletter

  • Let your grace shine through
    Let your grace shine through

    Leadership Moment: Letting Go A few weeks ago, Cloudflare let go a number of folks in its sales organization, and one of them (let’s call them AE) recorded the experience, and shared it online. It’s a long video, but to summarize: An HR representative, and a member of sales management (not AE’s manager or director,… Read this …

  • What Will You Write On Your Slate?
    What Will You Write On Your Slate?

    Leadership Moment: To Everything There is a Season It’s been an open secret in Foxborough this football season that it’s team captain Matthew Slater’s final year. In the pregame warmups before the Patriots’ final game, players and coaches came out wearing a tribute hoodie. And yet, when asked about how it felt at the start… Read this …

  • Charting a path out of the hole you’ve dug
    Charting a path out of the hole you’ve dug

    Leadership Moment: Rebuilding Burnt Bridges Carta, a stock/cap table management platform for startups, got itself into a bit of hot water recently. As a business that interacted with secondary customers (in this case, employees of the startups), it started engaging in a secondary market (selling shares of the startup to third parties), leveraging knowledge of… Read this …