Infosec Education: What are the “right” credentials?

Information Security
Well, the infosec community has done it again. We’ve gotten good and riled about something, with (maybe) good reason. In case you’ve been under a rock, here’s the breakdown: Equifax suffered a massive breach of consumer credit data (started in May 2017 and was announced in September). The CIO and ...

Where are the “Actionable Defense” talks?

Information Security
This year, for the first time, I did not make it to DEF CON, B-Sides Las Vegas, Black Hat, etc. I was bummed, because this has been a yearly pilgrimage for a really long time for me, but too much work sandwiched on both sides of it. Naturally, I was ...
An Open Letter to Human Resources Teams

Every few years, it seems, the information security community has a renewed interest in, and debate over, the value of certifications, degrees, experience, etc. in helping information security professionals land jobs. Along with this renewed interest comes a spate of blog posts and articles that aim to help those new ...
MITM-as-a-Service: The Threat Surface We Didn’t Know We Had

This past week, as most security professionals know by now, a severe bug was discovered in the Cloudflare content delivery network’s service by noted researcher Tavis Ormandy. Organizations should pay attention when Tavis reaches out, just like they should when Brian Krebs reaches out – there’s a damn good reason, ...

The More Infosec Changes, the More it Stays the Same

Information Security, musings
I took a full year off from blogging. It felt wonderful. Time to get back to being my ranty self, though, so I’m kicking off 2017 in style, at RSA in San Francisco. This will be a short post. It’s amazing to me, that in all this time in the ...