Archive for February, 2007

Infosec pros aren’t afraid to cry wolf

Look left when everyone looks right and say no when everyone says yes. Then, ask why? You’re in the position as a security professional to tell the bosses no; that’s what you’re paid for. Don’t be afraid to cry wolf when something is out of the ordinary, and do it often. It may not be […]

Tools are only an abstraction, use the right one

Do tools make us dumber? I don’t agree with the idea exactly, as they are just that, tools. Tools are just another level of abstraction from thinking at a lower level. It’s what distinguishes an engineer from a kit builder. Who here wants to program in 1’s and 0’s, or use Maxwell’s equation in designing […]

Mike Murray on building a sustainable security career

Hey Mike, thanks for posting your presentation (Building a Sustainable Security Career) you gave to ISSA-NH the other day. I found it interesting, since “your father’s 6 fundamental assumptions about work” were the same I had for quite a while. You can definitely see how the talk can apply outside of information security, so I’m […]

What is an Insider Threat?

Several of us have been discussing in a thread at the Security Catalyst Community Forums, and we all have differing opinions on what constitutes an “insider threat.” In my opinion an insider threat is a party who has the capability and intention of exploiting a vulnerability in an asset. An example “what if” somebody brought […]

NIST SP800-94 — Final Guide to (IDPS)

SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS), seeks to assist organizations in understanding intrusion detection system and intrusion prevention system technologies and in designing, implementing, configuring, securing, monitoring, and maintaining intrusion detection and prevention system (IDPS) solutions. It provides practical, real-world guidance for each of four […]