Superior Integrity Monitoring: Getting Beyond Checkbox FIM

If File Integrity Monitoring (FIM) were easy, everyone would be doing it. Actually, it is pretty easy. It’s not exactly rocket science. Practically anyone with a modicum of Python, Perl or development skills can write an app or a script to gather the checksum of a file, compare it to a list ... Read More

What Is SCM (Security Configuration Management)?

The coronavirus 2019 (COVID-19) pandemic shifted the cybersecurity landscape. According to a PR Newswire release, the FBI tracked as many as 4,000 digital attack attempts a day during the pandemic. That’s 400% more than what it was prior to the pandemic. In response to these attacks, 70% of CISOs told ... Read More

Social Engineering: Hacking Brains…It’s Easier than Hacking Computers

The audience in the room is weirdly quiet. The contestant is in a small plexiglass booth with nothing but a phone, a laptop computer and some notes. On a set of speakers outside, the booth broadcasts the sounds of a dial tone as a woman on the stage begins to ... Read More

Understanding the Purpose of Security Controls and the Need for Compliance

What are the brakes on a car designed to do? I have asked this question many times when speaking to customers or organizations who were dipping their toes into the audit space. Invariably, their answer was, “To stop the car.” At this point, I would then ask, “Then how do ... Read More
Baselines

It’s All About the Baselines: Security Edition

I am all about the baselines. I’ve made an entire career out of them. But if you were to ask a random person on the street what that means, the reaction would be: “Who the heck are you, and why are you asking me random weird questions.” So it would ... Read More

Harvesting Likes on Social Media or a Window for the Hacker to Climb Through?

So earlier this year, I wrote a piece about how we as humans are so quick to give away personal information to various companies in the quest for discounts or free stuff. As I gave it further thought, I realized that sometimes we give away our personal information in search ... Read More

Hacking Is Not a Crime! Additional Thoughts from DEFCON 2019

| | defcon, events, Hacking
In my previous post, I spoke about all of the different DEFCON villages where attendees can learn about and purchase all sorts of fun hacking/counter hacking tools. Even so, I covered only a small fraction of the activities at the conference. For example, attendees have the opportunity to participate in ... Read More
What is Fuzzing?

Ideas and Innovations at DEFCON 2019

Every year when I go to Black Hat USA and DEFCON, I am reminded of the constant battle between light and dark…wait…that’s Return of the Jedi…. I mean of the constant battle between infosec and the big bad hacker. And it’s not just the uber sophisticated hacks that involve fuzzing ... Read More
Al Gore on creating the internet

Your Personally Identifiable Information Is Part of You: Stop Giving It Away

Are hackers really the problem when governments can just ask for or legislate the requirement to turn over user data? Russia currently has approximately 149 million people living in within its borders, and while Tinder is not the most popular dating app in the country, even a small percentage of ... Read More

Developing an Effective Change Management Program

Detection of change is easy… There, I said it. Anyone can do it. One thousand monkeys with keyboards can pound out scripts to detect change. What is not so easy, what the monkeys can’t do, is reconcile change. Even worse, it’s usually the monkeys who make the changes that bring ... Read More

Application Security Check Up