Security and privacy are the same thing

Earlier today I ran across this post on Reddit Security but not Privacy (Am I doing this right?) The poster basically said “I care about security but not privacy”. It got me thinking about security and privacy. There’s not really a difference between the two. They are two faces of the same coin but whyContinue reading “Security and privacy are the same thing”

Who’s got your hack back?

The topic of hacking back keeps coming up these days. There’s an attempt to pass a bill in the US that would legalize hacking back. There are many opinions on this topic, I’m generally not one to take a hard stand against what someone else thinks. In this case though, if you think hacking backContinue reading “Who’s got your hack back?”

When in doubt, blame open source

If you’ve not read my previous post on thought leadership, go do that now, this one builds on it. The thing that really kicked off my thinking on these matters was this article: Security liability is coming for software: Is your engineering team ready? The whole article is pretty silly, but the bit about liabilityContinue reading “When in doubt, blame open source”

Thought leaders aren’t leaders

For the last few weeks I’ve seen news stories and much lamenting on twitter about the security skills shortage. Some say there is no shortage, some say it’s horrible beyond belief. Basically there’s someone arguing every possible side of this. I’m not going to debate if there is or isn’t a worker shortage, that’s not reallyContinue reading “Thought leaders aren’t leaders”

Humanity isn’t proactive

I ran across this article about IoT security the other day The US Needs to Get Serious About Securing the Internet of Hackable Things I find articles like this frustrating for the simple fact everyone keeps talking about security, but nobody is going to do anything. If you look at the history of humanity, we’veContinue reading “Humanity isn’t proactive”

Stealing from customers

I was having some security conversations last week and cybersecurity insurance came up as a topic. This isn’t overly unusual as it’s a pretty popular topic, but someone said something that really got me thinking. What if the insurance covered the customers instead of the companies? Now I understand that many cybersecurity insurance policies canContinue reading “Stealing from customers”

You know how to fix enterprise patching? Please tell me more!!!

If you pay attention to Twitter at all, you’ve probably seen people arguing about patching your enterprise after the WannaCry malware. The short story is that Microsoft fixed a very serious security flaw a few months before the malware hit. That means there are quite a few machines on the Internet that haven’t applied aContinue reading “You know how to fix enterprise patching? Please tell me more!!!”

Security like it’s 2005!

I was reading the newspaper the other day (the real dead tree newspaper) and I came across an op-ed from my congressperson. Gallagher: Cybersecurity for small business It’s about what you’d expect but comes with some actionable advice! Well, not really. Here it is so you don’t have to read the whole thing. Businesses canContinue reading “Security like it’s 2005!”