This is more from my noisy search for my next windmill to tilt at in what will be the great success of helping an organization become more resilient, capable, and respected for the information security posture they exhibit. I like…
Category: Rant
Leadership: Putting strategy back into human interaction
We spend a lot of time talking about leadership where we think of it as getting people to do something through some form of incentive or disincentive. Simply churning and burning our way to action through carrots and sticks though…
Curmudgeon Information Security Officer
After reading the first third of “Disrupted; My Misadventure in the startup bubble” by Dan Lyons I realized that I had been marketing myself all wrong. Hiring managers like the little-emperors of China want happy, go-lucky, youthful, soft individuals to…
The Social Media Plan: How Sam does it today
I am not rich or famous and most assuredly I am very average in intellect and capability. I have an on again and off again relationship with social media and networking. I am not what you would call a social…
Threat actor zero (TA0)
When Mandiant came out with the APT1 report the world was shattered into two camps. In the first camp was a group of people who were happy to have more information on the bad guys entering their networks and doing…
Reflections on hackers and graduate education
This isn’t going to be a long post on how to become a hacker. This is to long didn’t read and in not reading make silly comments that have nothing to do with the content long. Chances are if you…
Comparing two stories… Dope Smoking STEM
Comey: FBI ‘Grappling’ With Hiring Policy Concerning Marijuana “James B. Comey said Monday that if the FBI hopes to continue to keep pace with cyber criminals, the organization may have to loosen up its no-tolerance policy for hiring those who…
If the job sucks be awesome
I see a lot of discussion at hacker cons or security cons depending on your predilection that says something to the effect “I’m burned out and drink to much.” The information security community has a hidden underbelly that hangs over…
Cyber Security versus Information Security
Over at NovaSec @grecs has a post titled Cyber Security versus Information Security. He acknowledges that there are some problems in the lack of definitions. This has been a long time (eight decades) discussion in the field. First I have to admit that…
Cyberspace is NOT a man made domain
The fallacy I read on a daily basis about cyberspace being a man made domain just peeves me off. What the assertion that cyberspace is the first man made domain is actually doing is mixing up the tools of exploitation…
LinkedIN profile is toast….
I did away with another social media service. Buh bye LinkedIn. Why? In the what is becoming an old adage, if you aren’t paying for the product you are the product, I couldn’t figure out what LinkedIn was giving me.…
Woes me information (cyber) security is hard
Lots of discussion in the mainstream press about every fortune 500 being hacked, the <insert name> government has hacked us into smithereens. The world is ending. We need to do <insert favorite vendor solution> to save the world. Bull pucky.…
The lost art of making do
Let’s face it, we all like things that are new and shiny. When given a choice most of us pick new over old. The ongoing economic recession has made it more challenging for all of us to get the new…
Information theory and the need for deep thinking
On my two hour run today I was thinking about information security and the research vectors that I see within the discipline. I don’t publish very much so I have little effect on the space. I was thinking about how…
GAG ME: Danger room on Darpa Begs Hackers: Secure Our Networks, End ‘Season of Darkness’
Oh yeah I blew a gasket.