Book highlights: The Mathematics of Love by Hannah Fry

This brief book by Hannah Fry is inspired by her TED talk of the same title: The mathematics of love. The main (very personal, non-comprehensive and biased) highlights I would like to share are:

- When finding a partner: give people a chance. Reduce your requirement list to the minimum.
- Beauty is subjective and context-dependent. For singles, if you are invited to a party, get accompanied by a friend who is slightly less attractive (in general) than you.
- It is better to start a conversation with someone you feel attracted to rather than waiting for that someone to come to you. Maths says so.
- Online dating has potential (if people show themselves as they really are).
- Applying basic game theory, being disloyal is not economically beneficial.
- Complex network analysis helps to study disease propagation.
- Showing rejection and disdain towards your partner dramatically increases the probability of splitting up.

This time, nothing to do with Infosec. Or maybe yes? Food for thought?

Book tip: “Time management for system admins” by Thomas A. Limoncelli

Just some practical sentences about this book from 2005 by Thomas A. Limoncelli. If you are working in Information Security or in Information Technology in general, and you need to improve how you manage your time and priorities, this book deals with this eternal topic from a light (and IT-based) viewpoint. I am not a big fan of the omnipresent self-help books. However, this book could help if the reader needs to improve in this field or is under a lot of stress. In a nutshell, I would like to highlight three points on time management:

- It needs to follow a focused and committed methodology.
- It helps organise any aspect of life.
- IT people have the advantage of being able to devise and use automation.

Happy reading!

Book review: “Own Your Future : How to Think Like an Entrepreneur and Thrive in an Unpredictable Economy” by Paul B. Brown et al. The ALBR process

I came across this book by Paul B. Brown, Charles F. Kiefer and Leonard A. Schlesinger almost by chance. The title was enticing, so I decided to give it a go. You can read it really fast and the structure is very approachable. Having an Information Security mindset, you can apply its generic recommendations to our professional field and even try out some entrepreneurial experiments that could lead you to a professional change. If you are going through a period after which you really need a positive work-related change, reading this book could help you. As always, a little disclaimer: this post does not replace at any time the careful reading of the book, and all points expressed here are extracted from the book but are by no means complete, comprehensive or unbiased. If I had to summarise the book in only one sentence, I would say ALBR: the acronym of Act, Learn, Build and Repeat. This is what the authors recommend for putting your own ideas into practice. Note that they start with the word Action. The beauty of this book comes now: you select the scope and the context in which you will apply your own...

Book review: “Diary of a hedge fund manager” by Keith McCullough

Keith McCullough and Richard Blake wrote this book in 2011: "Diary of a Hedge Fund Manager: From the Top, to the Bottom, and Back Again". Keith McCullough was also the author of the mcmmacro blog (already discontinued in 2008). This book has nothing to do with Information Security. At least it does not have an explicit link. Why do I post this review then? Let's summarise it in telegraphic bullet points:

- Being a hedge fund manager is tough. The author mentions how starting work at 4 am was nothing extraordinary. The time required on a daily basis to follow companies and feel the markets' sentiment is huge. Information security displays the same trait.
- The book uses the professional sports world (more specifically, hockey) as an analogy. In both fields, the required effort and focus and the existing competition are comparable. Also applicable to Infosec? I think so.
- The mantra in hedge funding: liquidity, transparency (well, actually the authors claim that during the first decade of this century it was insufficient) and returns (on each and every single quarter!).
- This book also suggests a higher degree of self-involvement in personal financial investment strategies. I would also suggest the same for...

Book highlights: The Sleep Revolution by Arianna Huffington

This time I share with my readers the main reading points of the book titled "The Sleep Revolution" by the famous entrepreneur Arianna Huffington, currently leading thriveglobal, probably the site to visit to keep yourself in balance. Disclaimer: as always, a very personal and biased collection of thoughts extracted from the book. This collection by no means aims to replace the reading of this book. These are some of the aspects I would like to highlight, especially to Information Security professionals, so that they do not waste themselves, either by working or worrying, into sleepless nights.

Main takeaways

- Women need somewhat more sleep than men.
- Lack of sleep leads to overweight and heart attacks.
- Sleep is currently an underrated health habit. It is a side of life that should be as important as our awake time.
- People in key jobs such as drivers, pilots and doctors run higher risks when they are not well rested.
- Sleep changed from being a social and looked-after event to being a despised need. Now times are changing.
- Sleep is for the brain to be healthy. During sleep, the brain cleans itself of toxic proteins.
- Poor sleep translates into poor memory.
- ...

Book highlights: The Filter Bubble by Eli Pariser

This time I write about a book by Eli Pariser that first appeared in 2011. Its title points to its main content: The filter bubble. How the new personalized web is changing what we read and how we think. As if it were real fortune-telling, the author, already in 2011, prepares the reader to understand the perils of web personalization and its potential consequences. Now, in 2017, those consequences have materialised. Let's remember that an interesting part of Information Security is Personal Data Privacy (if that still exists!). As always, a little disclaimer: this collection of learning points does not replace the reading of the book, and it constitutes a very personal list of items. Let's start:

- The arrival of personalised Internet search by Google in 2009 contributed to making the user of that search a real product rather than a customer.
- The delivery of personalised search results creates, for each of us, a personal bubble in which we live. This is great in terms of confirming our interests; however, it is not so great in terms of isolating each of us within our own bubble and system of beliefs.
- A different point, but also worth highlighting: asymmetry in email. The cost...

Book highlights: Willpower: Rediscovering the Greatest Human Strength by Roy Baumeister and John Tierney

This book about willpower by Roy Baumeister and John Tierney is worth reading to prepare for the next term, especially when the to-do list is long and the leisure temptations are formidable. In a super concise nutshell, and never replacing its reading, the points I highlight for those Information Security experts who have followed this blog for years are the following:

- A monthly plan is much more effective than a daily plan. Days go differently than planned, but months give you the time you need to achieve your goals.
- Short-term targets need to be anchored to long-term targets; otherwise they are very dangerous.
- Our willpower requires energy. More specifically, it requires glucose in our brain.
- Decision making also requires energy. If you have no energy, do not take decisions at that time.
- We can train our willpower. Start with baby steps, just as I recommend in my IT Security Management book.
- Being part of a community with goals similar to ours always helps to grow willpower. The opposite is unfortunately also true.
- When you prepare your to-do lists, break your complex goals down into manageable activities.
- Proposal: work with bi-weekly or monthly plans and revise them.
- For...

Book Review: Site Reliability Engineering. How Google runs production systems

Intro

The following points come from a book by many Googlers and related colleagues such as Betsy Beyer, Chris Jones, Jennifer Petoff and Niall Richard Murphy, titled "Site Reliability Engineering: How Google runs production systems".

Disclaimer

As always, in every book review I have posted, these reviews are just invitations to read the book. Not a replacement!

Rationale

"Traditionally system developers ended their task once we threw their creation into production". This brought only trouble, both to the final customers and to the staff in charge of providing the service.

Objective

This book is basically Google's attempt to revamp the role of the system administrator and operator in production, and to place it at the same level system developers were and are.

How?

No magic solution, just common smart sense, i.e. giving system admins in prod the possibility to improve the system themselves, to automate and to scale. The authors confirm that their proposal is a specific DevOps way.

Automation

From manual steps to externally maintained automation, both system-specific and generic, then to internal automation and finally to autonomy.

Reliability

How do they define reliability: "Probability that a system performs a function with no failure under stated conditions for a period of time". An outage for the...

Book Review: Practical Data Science with R by Nina Zumel and Jim Porzak

This is a very, very brief collection of points extracted from this book titled "Practical Data Science with R". For those starting in the field of Data Science, a recommendable foundational reference. The main parts: an introduction to Data Science, modelling methods and delivering results. As always, an important disclaimer when talking about a book review: reading this very personal and non-comprehensive list of points, mostly taken verbatim from the book, by no means replaces reading the book it refers to; on the contrary, this post is an invitation to read the entire work.

Part 1 - Intro to Data Science

I would highlight the method the authors propose to deal with data investigations:

- Define the goal - What problem are you solving?
- Collect and manage data - What info do you need?
- Build the model - Find patterns in data that lead to a solution
- Evaluate and critique the model - Does the model solve my problem?
- Present results and document - Establish that you can solve the data problem and explain how
- Deploy the model - Deploy the model to solve the problem in the real world.

Part 2 - Models

Common classification methods such as...

Wannacry related interim timeline

Let me share a timeline I constructed regarding Wannacry during the last days. The interesting point I shared with some colleagues was that, as of now, the infection vector for patient zero (or patients) has not been referenced or described.

15th February 2017: Microsoft cancels its monthly patching for that month.

9th March 2017: Wikileaks press release regarding Vault7, "the largest-ever publication of confidential documents on the agency" according to Wikileaks.
https://steemit.com/wikileaks/@ausbitbank/wikileaks-vault-7-march-9th-press-conference-transcript

14th March 2017: Microsoft publishes security update MS17-010 for SMB Server.
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

14th April 2017 (according to https://www.wired.co.uk/article/nsa-hacking-tools-stolen-hackers): Equation Group (see https://en.wikipedia.org/wiki/Equation_Group) exploits are released, EternalBlue among them. EternalBlue took advantage of the vulnerability that Microsoft patch MS17-010 fixed.
https://github.com/misterch0c/shadowbroker/

14th April 2017: Microsoft publishes its triage analysis of the exploits.
https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

15th April 2017: Security companies analyse the exploits. One example of the analysis of EternalBlue is the following:
https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/

15th April 2017: Some news sites start to wonder how come the patch existed before the release, e.g.
https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/

12th May 2017: WannaCry appears in the wild.
https://en.wikipedia.org/wiki/WannaCry_cyber_attack

Some sources mention that the infection vector was a phishing email:
https://www.heise.de/newsticker/meldung/WannaCry-Was-wir-bisher-ueber-die-Ransomware-Attacke-wissen-3713502.html
http://www.wired.co.uk/article/wanna-decryptor-ransomware
https://www.cylance.com/en_us/blog/cylance-vs-wannacry-wanacrypt0r-2-0.html

However, there is no analysis yet of that mentioned phishing email, its attachment and its modus operandi in general.

Update 1: