I went to the Educause Security Professionals Conference last week. I have been going to this conference for many years and always take home something useful. This year, James Bamford, best known as an expert on the NSA, gave the keynote address. His talk was about how America has lost control of this secret and…
DetailsThe world of the CISO is becoming an almost thankless job. No matter what you do, how well you present to the Board, how complete your program is, it seems your back is always against the wall. The business complains of the burden security places on operations, the delays it causes, the relationships it destroys,…
DetailsWhile I was unable to attend RSA this year, after reading Chenxi Wang’s LinkedIn post on ‘Booth Babes’, I have to say… It’s about damn time. To briefly recount a personal experience, several years ago, while walking this same Moscone floor, I was quite literally almost run over by a lycra-wearing ‘policewoman’ buzzing around the expo floor…
DetailsOne of the aphorisms used in security is, “We have to be right all of the time, and the bad guys only have to be right once.” While this may or may not be 100 percent accurate, it is a pretty good policy to go by when you’re building a security program. With over 325,000…
DetailsBayes’ Theorem essentially measures the degree of belief, or certainty in something. The Cybersecurity industry has been challenged with the idea of sensitivity and specificity for quite some time. In computer science this can be codified via binary classification (decision trees, Bayesian networks, support vector machines, neural networks). Many industry Cybersecurity solutions will be relegated…
DetailsDistributed Denial of Service (DDoS) attacks are very inefficient but very effective. Auditors are careful to be sure their findings are accurate so that they are not accused of being unfair to their subjects and so they maintain their reputation for impartiality. Spammers expect a small number of hits for the millions of messages they…
DetailsJust for fun, I decided to count how many unsolicited emails I got in a 24 hour period offering to either fix my security problems, fix my network problems, fix my management problems, fix my compliance problems or train me to do all of the above. Most of them required me to either attend a…
DetailsSo you want to know what the secret to success is. First, you need to change the way you look at and ask the question. Instead of wondering what the secret to success is, you should be questioning what the secret to YOUR success is. Spoiler alert: The answer is in the last little bit.…
DetailsIf you have ever sat through an orchestral concert, you would hear the first chair oboe playing a single note for the rest of the fellow orchestral players to latch onto and begin the process of fine tuning. At first, it is a single A440 resonating on stage, followed section by section, strings, brass, percussion, until…
DetailsAs a security professional, I have an ongoing love/hate relationship with privacy. I have always been the person supporting privacy policies at the University, I even have Privacy as one of my seven pillars of a security program. I have to say that sometimes I feel that I care more about my customer’s (what do…
DetailsIt’s no secret that I love Las Vegas and all it has to offer including gambling. To me, this is a natural affection due to what I do in my day-to-day life. Isn’t that what we as IT Security professionals do every day, gamble? But instead of gambling with our own money or chips, we…
DetailsIn the first two parts in my series, a “Path to a Career in Cyber” and a “Path to a Career in Cyber Part and Then Some,” I explained how I got into IT and found my passion which is Cyber Security. I also discussed how I built my lab in my garage and how I…
Details