Patient Safely, Validated State, and Cyber Security! OH MY!

There are some interesting influences on medical devices related to cyber security (yeah, I know, cyber. Common parlance is common parlance.) that you may or may not be aware of. I am not saying that medical devices are special snowflakes and nobody else knows our pain, but there are some ... Read More

Man, It’s Dusty Around Here

The last time I posted on this blog was March 13th, 2013 immediately following my last public speaking engagement at an information security conference. Who was to know that a year later I would be done with enterprise security and working in a totally new vertical? Certainly not me. In ... Read More

Enterprise Information Security Architecture and Threats: Do We Care?

The following question, paraphrased, came up during my RSA 2013 presentation on why an Enterprise Information Security Architecture (EISA) matters: Do you factor in threats when developing your EISA? My initial response was essentially "no." The person who asked the question came up after the presentation and wanted me to ... Read More
Oliver_Winchester

Winchester House Security: Why Enterprise Security Architecture Matters

On Friday, March 1st, 2013, I delivered my first RSA USA talk. It was a 20 minute talk on the need for and the value of an Enterprise Security Architecture. In addition to extolling the benefits of an EISA, I also provided a high level description of what one should ... Read More

Infosec and the Value of Twitter

| | career
The title to this post is a bit of a lie. Well...not a lie so much as a bit restrictive. The value of Twitter I am referring to is that of community and mutual support. I have a friend, we'll call him Bob, who is somewhat early in his Infosec ... Read More
Veteran’s Day: Thank You!

Veteran’s Day: Thank You!

| | General, Veterans Day
There are several times every year when I think about the armed services of the United States. Days like Independence Day, the anniversary of D-Day, the anniversary of the attack on Pearl Harbor and others. Many times, I have wanted to let the people who serve our country in this ... Read More

USB Stick of Death: Not Really Low Severity

On October 21st, 2012, Mateusz “j00ru” Jurczyk, published a blog post describing an exploit he developed which allows one to execute a privilege escalation attack on Windows 7. The attack results in one having SYSTEM level permissions on the machine. SYSTEM is the highest level of permissions one can have, ... Read More