How to Hire a Cybersecurity Professional

When I was in high school, cybersecurity didn’t exist. While today’s colleges are busy training the first generation of cybersecurity experts, my advice is to consider looking outside the security field for the best new hires. Find the right attitude before you look for the right skills – security concepts ... Read More

The One with the Lucky Hacker

The point of cybersecurity is not to control the hacker. The point of cybersecurity is to protect everyone and everything. You can’t do that following the processes. At best that will help you maintain the majority in a risk-neutral scenario eventually - but only once you’re secure ... Read More

Security: Getting Off the Patch – The Shining Hope

If patching is a tactic towards a particular security strategy, how can that be bad? Welcome to the sequel of “Getting Off the Patch” where we explore the pros and cons of patching ... Read More

Security: Getting Off the Patch

There’s a whole lot more to patching than fixing a bug or a vulnerability. Patching doesn't eliminate or reduce harm on its own – it’s only a way to add or take away code. At best it either closes an interactive point or fixes a flaw in an existing operation ... Read More

Business and Cybersecurity: The Codependency

There are a lot of books and blogs written about how cybersecurity should learn the language of business to be taken seriously, and how we need to learn finance and risk to convince the heads of these mighty nations we call corporations. Yet, they will sink without security. So, shouldn’t ... Read More

Assumptions: The Deadliest Vulnerability

Assumptions are the vulnerability you didn’t see coming. When you use assumptions for security, you’re basically guessing with severe bias. And doing that can leave you with a hole in your security large enough to literally drive a truck through ... Read More

An Open Letter to Advertising Agencies on Application Security

If you ever thought that advertising is a dirty business, know that it’s even dirtier than you suspected. With minimal effort, marketers often find exactly what they look for. Whether on other copywriters’ portfolios, popular file-sharing sites, or even on public vendor and company websites, private things are left open ... Read More

SIEM City, Baby

People often find themselves with a SIEM or a security program that has anything resembling a SIEM, and are not getting out of it what they should: security help. Here is how you can change that ... Read More