Writing


Security Blog

  • Infosec – Failing or Succeeding?
    Infosec – Failing or Succeeding?

    Noam Eppel from Vivica contends that Information Security is a complete failure, citing alarming statistics on security breaches and cybercrime. While his article highlights the risks, many dissent from his conclusion, considering it a collection of gloomy statistics often seen in security vendor pitches.

  • False Positives
    False Positives

    During my morning commute, I encountered an interesting flaw in an alerting system. My car’s weight sensor triggers an alarm if it detects a possible passenger without a seatbelt. However, this car’s system escalates from a dinging sound to a rapid alarm. My immediate thought was to disable the alarm, highlighting a common security system…

  • Sledgehammers
    Sledgehammers

    Achieving perfect data security involves elaborate measures such as encryption, one-time passwords, asymmetric identifiers, and physical access controls. However, the ultimate level of security must align with the data’s value and potential threats, avoiding the extreme sledgehammer argument while striking a balance in risk management.

  • Usenix Security Symposium
    Usenix Security Symposium

    The upcoming USENIX security symposium in Vancouver during the first week of August promises an impressive lineup of invited talks. While I may not attend, I highly recommend catching Matt Blaze’s presentation on wiretapping, previously acclaimed as one of the most exceptional research talks at ICNS 2006.

  • Pseudonymity
    Pseudonymity

    Pseudonymity refers to adopting a semi-permanent, yet incomplete or false identity, commonly observed in online communities. It allows individuals to use distinctive pseudonyms to establish their unique presence while avoiding full anonymity. This practice fosters better community engagement by promoting courteous interactions. However, the challenge lies in identifying instances where a single person assumes multiple…

  • Disclosure Laws
    Disclosure Laws

    During a recent conference, a panelist expressed their belief that the California Disclosure Law (SB-1386) was an exceedingly inadequate information security regulation. However, I hold a different perspective. In my view, SB-1386 stands as the epitome of information security regulations, surpassing even the esteemed GLBA. While most regulations focus on prescribing specific controls for safeguarding…


Leadership Newsletter

  • Managing the End of The Year
    Managing the End of The Year

    Leadership Moment: Holiday Time The holiday season has begun in full force, with Tishri, the month of Jewish observances (Rosh Hashanah, October 7th, Yom Kippur, Sukkot, Shmini Atzeret, and Simchat Torah), drawing to a close (wedged in there was Thanksgiving in Canada). On the heels of Tishri we’ll come into a month of mostly US… Read this …

  • Including
    Including

    A Moment for Memory Before I get into today’s newsletter, I want to take a moment to reflect on the past year. It’s been 366 days since the most horrific day for Jews since the Holocaust: when Hamas terrorists raped and butchered Israelis, killing 1,195 and abducting 251, including a baby. Many of those remain… Read this …

  • The Perversity of Incentives
    The Perversity of Incentives

    Leadership Moment: Tipping Over The Edge A summer camp that hires mostly young adults (high school/college) as its camp counselors has what is probably a standard policy: its counselors do not accept tips (while an understandable choice, not one supported by an argument that the counselors are well-compensated, but that’s a conversation for a different… Read this …


Fiction