Post thumbnail
People sometimes ask me about my recording setup, and I wanted to share some thoughts about recording good learning content. The most important thing I’ve learned is the importance of conceptualizing what you want it to look like. The other thing I’ve learned is that the more expensive gear is usually more expensive for decent…
Read More Recording LecturesIf everyone agrees on what we should do, why do we seem incapable of doing it? Alternately, if we are doing what we have been told to do, and have not reduced the risks we face, are we asking people to do the wrong things? Read Mike Tanji’s full article, From Solar Sunrise to Solar…
Read More This time for sure, Pinky!There’s a new report out from the UK Government, The UK Code of Practice for Consumer IoT Security. One of the elements I want to draw attention to is: The use of IoT devices by perpetrators of domestic abuse is a pressing and deeply concerning problem that is largely hidden from view. Collecting data (and…
Read More IoT Security & Threat ModelingI generally try to stay on technical topics, because my understanding is that’s what readers want. But events are overwhelming and I believe that not speaking out is now a political choice. I want to start from this Chris Rock video: I hadn’t seen it before, but I have spent a lot of time studying…
Read More One Bad AppleThere’s an interesting article in Bentham’s Gaze, “Science ‘of’ or ‘for’ security?” It usefully teases apart some concepts, and, yes, it probably is consistent with the New School.
Read More Science of Security, Science for Security
Post thumbnail
When Andrew and I wrote The New School, and talked about the need to learn from other professions, we didn’t mean for doctors to learn from ‘cybersecurity thought leaders’ about hiding their problems: …Only one organism grew back. C. auris. It was spreading, but word of it was not. The hospital, a specialty lung and…
Read More ‘No need’ to tell the public(?!?)“90% of attacks start with phishing!*” “Cyber attacks will cost the world 6 trillion by 2020!” We’ve all seen these sorts of numbers from vendors, and in a sense they’re April Fools day numbers: you’d have to be a fool to believe them. But vendors quote insane because there’s no downside and much upside. We…
Read More Leave Those Numbers for April 1stBruce Schneier and I wrote an article on Facebook’s privacy changes: “A New Privacy Constitution for Facebook.”
Read More Facebook’s Privacy Constitution
Post thumbnail
SANS has announced a new boardgame, “Pivots and Payloads,” that “takes you through pen test methodology, tactics, and tools with many possible setbacks that defenders can utilize to hinder forward progress for a pen tester or attacker. The game helps you learn while you play. It’s also a great way to showcase to others what…
Read More Pivots and Payloads