The evolution is underway. Our infrastructures are borderless, our critical data is cloud based, and our users work from anyplace on the globe – or 36,000 feet above it. Our legacy controls are as outdated as the conceptual hardened perimeter and our users are still human; and will still succumb to the (not so) well…
Recently, while attending a conference in DC, I was part of a discussion around the new NIST Digital Identity Guidelines (SP 800-63) and how “…it turned the password world upside down”. Soon we were discussing the studies that were cited, and the logic behind the new recommendations, and how this would help CISO’s “look like…
Diversity di·ver·si·ty | \də-ˈvər-sə-tē, dī-\ Definition of diversity 1 : the condition of having or being composed of differing elements : the inclusion of different types of people (such as people of different races or cultures) in a group or organization» programs intended to promote diversity in schools 2 : an instance of being composed…
The Internet of Things is here.. By now, you’re probably well aware of the fate recently befallen on the Brian Krebs site KrebsOnSecurity.com. A Distributed Denial of Service (DDoS) attack in excess of 620/Gbps caused such a strain on one of the world’s largest DDoS protection services, that Krebs asked that his site fundamentally be…
Consider this if you will, that at the end of 2015, Google estimated there were 1.4 billion Android devices in use worldwide, and its over 2 billion devices when you add in Apple, Microsoft, and the balance of the others. Now, think about those 1.4 billion devices – the vast majority of which are vulnerable to the…
Consider for a moment the business lines that drive your company’s revenue. If the president of that business unit had an 85% assurance that a new business venture would be successful, would they pursue it? Likely they would. Neil Armstrong, one of America’s greatest heroes, once commented that they had a 90% chance of returning…
Being someone who’s spent the better part of his InfoSec career in the greater NYC area, one tends to become acutely aware of the millions of people who surround them walking the city streets. Much like the scene in Cryptonomicon, when our protagonist Lawrence Waterhouse used the up-and-down motion of people walking the streets of…
Look, let’s be frank – the week of the RSA Conference is a scheduling nightmare. On easy days it takes effort to manage, and on difficult days it’s completely unwieldy. There are more sessions, activities, keynotes, networking events and ancillary get-togethers than you can possibly imagine, both in and around the actual conference. With the…
Quantum Key Distribution (QKD), Quantum Entanglement (QE), and Quantum Random Number Generators (QRNG) are turning the cryptography world upside down. Indeed, one of the most enjoyable aspects of being in the Information Security space is that every day is a new battle. Many of the the things we’re dealing with now didn’t exist six months…
With having a bit of down time over the holiday season this year, I had an opportunity to catch up on a lot of my fellow security pundits predictions for 2016. Not too surprisingly, there were countless predictions of major breaches, new ransomware threats, and continuing cyber-militia activities. In fact, depending on who you believe,…