August 2012

I’d like to offer up a thought with regards to the latest swirl of discussion around ‘information sharing’ in security: Don’t share, publish. I want to talk about this because more and more folks are starting to question the value of information sharing frameworks and forums. Andrew and I share that skepticism in The New…

Read More Don't Share, Publish

Neil Armstrong died August 25, aged 82. It’s difficult to properly memorialize this man, because, to a degree almost unheard of in our media-saturated times, he avoided the limelight. A statement by his family notes: As much as Neil cherished his privacy, he always appreciated the expressions of good will from people around the world…

Read More Neil Armstrong, RIP

Over at Lexology.com, there’s a story which starts: Medical-data blackmail is becoming more common as more health care providers adopt electronic health records systems and store patient data digitally. (“Hackers demand ransom to keep medical records private“) The trouble with this opening sentence is that it has nothing to do with the story. It’s a…

Read More The Plural of Anecdote is Anecdotes

There’s a fascinating story in the New York Times, “Profits on Carbon Credits Drive Output of a Harmful Gas“: [W]here the United Nations envisioned environmental reform, some manufacturers of gases used in air-conditioning and refrigeration saw a lucrative business opportunity. They quickly figured out that they could earn one carbon credit by eliminating one ton…

Read More Regulations and Their Emergent Effects

I’m a big fan of learning from our experiences around breaches. Claims like “your stock will fall”, or “your customers will flee” are shown to be false by statistical analysis, and I expect we’d see the same if we looked at people losing their jobs over breaches. (We could do this, for example, via LinkedIn…

Read More Your career is over after a breach? Another Myth, Busted!

Someone reached out to me about a job that looks really interesting: The Director of Security Experience, Education & Research (SEER) will be responsible for defining the customer-facing security strategy for PayPal , define product roadmaps to enhance feature security and usability, drive customer security best practices adoption throughout our industry, and drive customer security…

Read More Fascinating Job at PayPal