Spend until you’re secure

I was watching a few Twitter conversations about purchasing security last week and had yet another conversation about security ROI. This has me thinking about what we spend money on. In many industries we can spend our way out of problems, not all problems, but a lot of problems. With security if I gave you

But that’s not my job!

This week I’ve been thinking about how security people and non-security people interact. Various conversations I have often end up with someone suggesting everyone needs some sort of security responsibility. My suspicion is this will never work. First some background to think about. In any organization there are certain responsibilities everyone has. Without using

Security and privacy are the same thing

Earlier today I ran across this post on Reddit: “Security but not Privacy (Am I doing this right?)”. The poster basically said “I care about security but not privacy”. It got me thinking about security and privacy. There’s not really a difference between the two. They are two faces of the same coin but why

Who’s got your hack back?

The topic of hacking back keeps coming up these days. There’s an attempt to pass a bill in the US that would legalize hacking back. There are many opinions on this topic, I’m generally not one to take a hard stand against what someone else thinks. In this case though, if you think hacking back

When in doubt, blame open source

If you’ve not read my previous post on thought leadership, go do that now, this one builds on it. The thing that really kicked off my thinking on these matters was this article: “Security liability is coming for software: Is your engineering team ready?” The whole article is pretty silly, but the bit about liability

Thought leaders aren’t leaders

For the last few weeks I’ve seen news stories and much lamenting on Twitter about the security skills shortage. Some say there is no shortage, some say it’s horrible beyond belief. Basically there’s someone arguing every possible side of this. I’m not going to debate if there is or isn’t a worker shortage, that’s not really

Humanity isn’t proactive

I ran across this article about IoT security the other day: “The US Needs to Get Serious About Securing the Internet of Hackable Things”. I find articles like this frustrating for the simple fact everyone keeps talking about security, but nobody is going to do anything. If you look at the history of humanity, we’ve

Stealing from customers

I was having some security conversations last week and cybersecurity insurance came up as a topic. This isn’t overly unusual as it’s a pretty popular topic, but someone said something that really got me thinking. What if the insurance covered the customers instead of the companies? Now I understand that many cybersecurity insurance policies can