Writing – Leadership In Security

Security Blog

Infosec – Failing or Succeeding?

Noam Eppel from Vivica contends that Information Security is a complete failure, citing alarming statistics on security breaches and cybercrime. While his article highlights the risks, many dissent from his conclusion, considering it a collection of gloomy statistics often seen in security vendor pitches.
False Positives

During my morning commute, I encountered an interesting flaw in an alerting system. My car’s weight sensor triggers an alarm if it detects a possible passenger without a seatbelt. However, this car’s system escalates from a dinging sound to a rapid alarm. My immediate thought was to disable the alarm, highlighting a common security system…
Sledgehammers

Achieving perfect data security involves elaborate measures such as encryption, one-time passwords, asymmetric identifiers, and physical access controls. However, the ultimate level of security must align with the data’s value and potential threats, avoiding the extreme sledgehammer argument while striking a balance in risk management.
Pseudonymity

Pseudonymity refers to adopting a semi-permanent, yet incomplete or false identity, commonly observed in online communities. It allows individuals to use distinctive pseudonyms to establish their unique presence while avoiding full anonymity. This practice fosters better community engagement by promoting courteous interactions. However, the challenge lies in identifying instances where a single person assumes multiple…
Usenix Security Symposium

The upcoming USENIX security symposium in Vancouver during the first week of August promises an impressive lineup of invited talks. While I may not attend, I highly recommend catching Matt Blaze’s presentation on wiretapping, previously acclaimed as one of the most exceptional research talks at ICNS 2006.
Disclosure Laws

During a recent conference, a panelist expressed their belief that the California Disclosure Law (SB-1386) was an exceedingly inadequate information security regulation. However, I hold a different perspective. In my view, SB-1386 stands as the epitome of information security regulations, surpassing even the esteemed GLBA. While most regulations focus on prescribing specific controls for safeguarding…

Leadership Newsletter

Fetching Rocks

Leadership Moment: The Crowd Strikes Back In case you missed it, CrowdStrike had a small incident last month. As part of that incident, they communicated a lot. Incident reports. A $10 gift card for coffee for customer admins. Apologies. Full screen ads at BlackHat. Interviews with media from the Wall Street Journal to the Today… Read this …
A New Champion Emerges

Leadership Moment: Championship Football For the first time since 2018, the Boston Renegades are not the champions of the Women’s Football Alliance. Falling short 30-27 to the St. Louis Slam, the Renegades will start 2025 in a new position: trying to get back on top. It’s easy to denigrate sports teams when they don’t win… Read this …
What’s in the cards for you?

Leadership Moment: Playing Your Cards Right Last week, I was in New York for a CISO dinner with two of our portfolio companies, Valence Security and Aim Security. Yoni Shohet (Valence CEO) pulls me aside before the dinner and says, “I brought you a gift.” Now, I often get a lot of swag from companies… Read this …

Fiction

Skeleton

A necromancer and an Olympic event [Read the story]
Albus Dumbledore and the Rituals of Immortality

The words that didn’t make the Harry Potter septology that fill in the blanks for what’s really going on. [Read the story]