The Breach Research We Need

The Breach Research We Need

| | Uncategorized
I’m not afraid to point out misleading or bad research that is funded by marketing groups strictly to gain headlines. Studies from firms like the Ponemon Institute come to mind here that give us excellent, shareable headlines supported by a house of cards. The information presented is unusable for risk ... Read More
Pushing Vendors to Abandon SMS

Pushing Vendors to Abandon SMS

| | Uncategorized
SMS-based authentication continues to be a great way to placate a user into thinking they are safe while creating an avenue for attackers to gain access to their accounts. Fabio Assolini and Andre Tenreiro from Kaspersky published some research that puts numbers in fraud losses to these threats. SIM Swaps ... Read More
Brando’s Rules for Success

Brando’s Rules for Success

| | Diversions
I’ve had a few folks ask me if I could attribute any big life lessons that have helped me get to where I am. Things like the Golden Rule or an extremely healthy amount of respect for karma (both of which would be true for me) came to mind, but ... Read More
PCI Council Loses $600K in Revenue, PO Population on the Decline

PCI Council Loses $600K in Revenue, PO Population on the Decline

| | PCI
Last year I released a blog post and a GitHub repository with some code to calculate how much money the PCI Council brings in annually, with an estimation of lifetime revenue. There are some MAJOR assumptions in there that can swing the revenue in either direction. And, of course, there ... Read More