Leaking company secrets via generative AIs like ChatGPT

For a third party, knowing what people from company X are asking of ChatGPT (or any other generative AI) could be quite interesting and profitable ...

Vulnerability management – we’re doing it wrong

Security professionals (and the people who measure our performance, like auditors and regulators) have traditionally taken a stance that “all serious vulnerabilities should be patched” ...

Make your near misses count

Security near misses are opportunities for learning and improvement, but when they are ignored, they can play a role in setting the stage for serious incidents. Use them wisely! ...

Hunting for secrets on GitHub

We need to work with system designers and developers to make them understand that using a secure credential vault with programmatic access is not an optional luxury - it is a basic ...

Another killer woodpecker

Way back in 1977, a computer scientist from the University of Nebraska coined “Weinberg’s law:” If builders built buildings the way programmers wrote programs, then ...

Malware protection is easy – Malinformation protection is hard

deep thoughts, Politics
Whenever it seems like the challenges of protecting my employer from risks to information security or business continuity are towering above me, I stop and ...

Too much information?

An interesting piece in the Harvard Business Review highlights one of the challenges information security professionals face when dealing with security awareness; we actively ...

Boredom and security

We security management types would like to think that every task we give our minions is exciting and engaging. However, there are lots of security ...

Can experience be a hindrance in making security decisions?

CSO, deep thoughts, useful stuff
Some interesting insight from the Harvard Business Review’s January 2020 IdeaWatch section: A study looked at how people react to information which indicates that a ...

Deepfakes – Welcome to the post truth society

I recently watched the New York Times’ Weekly episode “Deepfakes – Believe at Your Own Risk” and while I have been concerned about the implications ...