Too much information?
An interesting piece in the Harvard Business Review highlights one of the challenges information security professionals face when dealing with security awareness; we actively ... Read More
It could happen to anyone…
The headline is eye-catching: a data breach at a highly respected security training organization when an employee falls for a phishing email. It is ... Read More
EmailRep – Squeezing actionable info from malicious email addresses
Yes, I know it has been quite a while since I have posted anything to the old blog, but I do have an excuse… in ... Read More
Securing the real perimeter – part 2
In my last post, I went on about how the real perimeter of your network is at your users’ workstations. The actions that humans take ... Read More
Securing the real perimeter – part 1
I was thinking about the way that the concept of a “perimeter” has changed in the time I have been in information security. (Obviously, I ... Read More
Living off the land – EFS Ransomware
Attackers have responded to improved security against malware in Windows environments by “living off the land” (LOTL) – using the tools already present in the ... Read More
Recognizing and dealing with insider risk
I came across an interesting white paper from the deep mists of the past (2011) which is as relevant today as it was back when ... Read More
Boredom and security
We security management types would like to think that every task we give our minions is exciting and engaging. However, there are lots of security ... Read More
Can experience be a hindrance in making security decisions?
Some interesting insight from the Harvard Business Review’s January 2020 IdeaWatch section: A study looked at how people react to information which indicates that a ... Read More
Are passwords really the best we can do?
So by now, you have seen the news stories about the doofus hackers who are breaking into Ring cameras and scaring kids. And it turns ... Read More

