Understanding the Purpose of Security Controls and the Need for Compliance

What are the brakes on a car designed to do? I have asked this question many times when speaking to customers or organizations who were dipping their toes into the audit space. Invariably, their answer was, “To stop the car.” At this point,…

It’s All About the Baselines: Security Edition

I am all about the baselines. I’ve made an entire career out of them. But if you were to ask a random person on the street what that means, the reaction would be: “Who the heck are you, and why are you asking me random weird questions.…

Your Personally Identifiable Information Is Part of You: Stop Giving It Away

Are hackers really the problem when governments can just ask for or legislate the requirement to turn over user data? Russia currently has approximately 149 million people living within its borders, and while Tinder is not the most popular dating ap…

Developing an Effective Change Management Program

Detection of change is easy… There, I said it. Anyone can do it. One thousand monkeys with keyboards can pound out scripts to detect change. What is not so easy, what the monkeys can’t do, is reconcile change. Even worse, it’s usually…

Superior Integrity Monitoring: Getting Beyond Checkbox FIM

If File Integrity Monitoring (FIM) were easy, everyone would be doing it. Actually, it is pretty easy. It’s not exactly rocket science. Practically anyone with a modicum of Python, Perl or development skills can write an app or a script to gather the c…

Thoughts from Black Hat 2017 and Killer Car Washes

With Black Hat 2017 and DEFCON rapidly receding into the desert sunset, I am left with a couple of thoughts after several days on the show floor talking to customers: 1. Wow! So many fidget spinners – cheap ones, expensive ones, plastic, metal, ones that lit up, ones that didn’t, and ones that were supposed […]

The post Thoughts from Black Hat 2017 and Killer Car Washes appeared first on The State of Security.
