Category Archives: Security

Today containers are a bit like how cars used to work a long long long time ago. You couldn’t really buy a car, you had to build it yourself or find someone who could build one for you in their barn. The parts were terrible and things would break all the time. It probably ranContinue reading “Your containers were built in some guy’s barn!”

If you pay any attention to the news, no doubt the story of the Linux ransomware that’s making the rounds. There has been much said about the technical merits of this, but there are two things I keep wondering. Is this a singular incident, or the first of many? You could argue this either way. It mightContinue reading “Is the Linux ransomware the first of many?”

Anytime you do anything, no matter how small or big, there will always be three groups of people involved. How we interact with these groups can affect the outcome of our decisions and projects. If you don’t know they exist it can be detrimental to what you’re working on. If you know who they areContinue reading “The Third Group”

How do we talk to the regular people? What’s going to motivate them? What matters to them? You can easily make the case that business is driven by financial rewards, but what can we say or do to get normal people to understand us, to care? Money? Privacy? Donuts? I’m not saying we’re going to turnContinue reading “How do we talk to normal people?”

How many times have you tried to get buyin for a security idea at work, or with a client, only to have them say “no”. Even though you knew it was really important, they still made the wrong decision. We’ve all seen this more times than we can count. We usually walk away grumbling aboutContinue reading “How do we talk to business?”

Anytime there’s some sort of vacuum, something will appear to fill the gap. In this context we’re going to look at what’s filling the vacuum in security. There are a lot of smart people, but we’re failing horribly at getting our message out. The answer to this isn’t simple. You have to look at what’sContinue reading “What’s filling the vacuum?”

The security people are currently losing the battle to win the hearts and minds of the people. The war is far from over but it’s not currently looking good for our team. As with all problems, if there is a vacuum, something or someone end up filling it. This is happening right now in security.Continue reading “We’re losing the battle for security”

One the hardest things we have to do is to build trust. It’s not hard for everyone, just us specifically. It’s not in our nature. Security people tend not to trust anyone. Everything we do is based on not trusting anyone, it’s literally our job. Trust is a two way street. If you expect someoneContinue reading “How to build trust”

We can’t. You think you can, but you can’t. This reminds of the Feynman video where he’s asked how magnets work and he doesn’t explain it, he explains why he can’t explain it. Our problem is we’re generally too clever to know when to stop. There are limits to our cleverness unfortunately. I’m picking on bufferContinue reading “How can we describe a buffer overflow in common terms?”

Sometimes it’s really hard to be nice to someone. This is especially true if you think they’re not very smart. Respect is a two way street though. If you think someone’s an idiot, they probably think you’re an idiot. You’re both going to end up right once it’s all over though. As an industry weContinue reading “Being a nice security person”