Nathan Hamiel has a really good post on Maximizing The Value of Virtual Security Conferences. To his key point of ‘know what you want to get out of it’ and ‘know what it would take to make it happen,’ I want to add two ideas: First, take notes with a pen and paper. This is… Read More: Maximizing The Value of Virtual Security Conferences
There’s a post from Helen L. of the UK’s NCSC, A sociotechnical approach to cyber security. Her post shares the context of socio-technical approaches, discusses the (re-named) RISCS institute, and shares the current problem book. The post and the problem book are both worth a careful read. (I’m honored to be an advisor to the… Read More: Sociotechnical Approach to Cyber Security
It will come as no surprise to regular readers of this blog that I prefer the written word to audio and video, but 2020 being 2020, I now have a YouTube Channel, with the first video below: Read More: Video series
With engineering, courage, and leadership, we can do amazing things. Read More: Happy Apollo 11 Day!
I enjoyed being a guest on Software Engineering Radio: Adam Shostack on Threat Modeling. It’s a substantial, in-depth interview, running nearly 80 minutes, and covering a wide variety of topics. Read More: Software Engineering Radio
The EFF has filed an amicus brief on the Computer Fraud and Abuse Act: Washington, D.C.—The Electronic Frontier Foundation (EFF) and leading cybersecurity experts today urged the Supreme Court to rein in the scope of the Computer Fraud and Abuse Act (CFAA)—and protect the security research we all rely on to keep us safe—by holding… Read More: Amicus Brief on CFAA
The Internet Society Open Letter Against Lawful Access to Encrypted Data Act was published this morning. It’s an important and broad coalition to protect the ability of American companies to deliver security to their customers. I’m honored to be one of the signers. Read More: Internet Society Opposition to LAED Act
This talk by Alyssa Miller is fascinating and thought-provoking. She frames a focus on integrating threat modeling into devops. The question of ‘what are we working on’ is answered with use cases, and threat modeling for that sprint is scoped to the use cases. ‘What can go wrong’ is focused on a business analysis… Read More: Threat Model In My Devops