Millions, Billions, Zillions: Defending Yourself in a World of Too Many

The world of information security is awash in figures and statistics: from the estimated high cost of password resets, to cost-of-a-data-breach studies, the endlessly quoted Verizon Data Breach Investigations Report, the near-monthly breaches of hundreds of millions of customers’ data, and countless more. For anyone ... Read More

Ben’s Book of the Month: Review of “Click Here to Kill Everybody: Security and Survival in a Hyper-connected World”

Perhaps the most meaningless term in information security is thought leader. I know what it is supposed to mean, but many people who consider themselves information security thought leaders are anything but that. Nonetheless, if there is anyone who is a thought leader in the true sense of the term, ... Read More

Ben’s Book of the Month: Review of “Security without Obscurity: A Guide to Cryptographic Architectures”

It’s been a little over four years since author J.J. Stapleton wrote the second in his Security without Obscurity series, A Guide to Confidentiality, Authentication and Integrity (Auerbach Publications 978-1466592148). In the just-released third volume of the series, Security without Obscurity: A Guide to Cryptographic Architectures (Auerbach Publications 978-0815396413), ... Read More

Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time

Those in the New York City area know the tagline from radio station 1010 WINS: “you give us 22 minutes, we'll give you the world”. It’s no exaggeration to claim that one could create a significantly sized cloud-based IT infrastructure in AWS in 22 minutes. It’s also no ... Read More

Ben’s Book of the Month: Review of “Social Engineering: The Science of Human Hacking”

There is a story about Harry Houdini that he once failed to escape from a jail cell, even though the door was unlocked. The reason he stayed trapped is that he only knew how to get out of locked doors. In the world of technology, there are indeed many locked ... Read More

Ben’s Book of the Month: Review of “The Truth Machine: The Blockchain and the Future of Everything”

The hype cycle is a branded graphical presentation developed and used by Gartner to represent the maturity, adoption and social application of specific technologies. The five phases of the hype cycle are: Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, and Plateau of Productivity. The 2017 Hype ... Read More

Ben’s Book of the Month: Review of “A Data-Driven Computer Security Defense: THE Computer Security Defense You Should Be Using”

In the world of information security, the ability to actually implement something and bring ideas to fruition is commendable. In A Data-Driven Computer Security Defense: THE Computer Security Defense You Should Be Using (ISBN 978-1549836534), author Roger A. Grimes takes his decades of experience and gives the reader excellent advice ... Read More

Ben’s Book of the Month: Review of “Zero Trust Networks: Building Secure Systems in Untrusted Networks”

The notion of a zero trust network (ZTN) was created in 2010 by John Kindervag, then of Forrester. Kindervag felt that as enterprises moved slowly towards a data-centric world with shifting threats and perimeters, a new concept of what constituted a secure network had to be created. It was ahead ... Read More

Ben’s Book of the Month: Review of “InSecurity: Why a Failure to Attract and Retain Women in Cybersecurity is Making Us All Less Safe”

To address the lack of women in cyber security, a new book is out dealing with that in InSecurity: Why a Failure to Attract and Retain Women in Cybersecurity is Making Us All Less Safe (Rethink Press 978-1781332696) by Jane Frankland. In this interesting book, she brings to light detail ... Read More

Ben’s Book of the Month: Review of “Machine Learning and Security: Protecting Systems with Data and Algorithms”

Machine learning and security are all the rage. With the RSA Conference a little more than 2 weeks away, there will be plenty of firms on the expo floor touting their security solutions based on AI, deep learning, and machine learning. In Machine Learning and Security: Protecting Systems with Data ... Read More