The Application Security Engineer role is in demand nowadays. Many job offers are available, but actual candidates are scarce. Why is that? It’s not an easy task as the level of skills needed is both to be broad and specialized at the same time. Most of the offers are about one person, one unicorn that…
Read More Building an Application Security TeamApparently, the CISO of US Homeland Security, a Paul Beckman, said that: “Someone who fails every single phishing campaign in the world should not be holding a TS SCI [top secret, sensitive compartmentalized information—the highest level of security clearance] with the federal government” (Paul Beckman, quoted in Ars technica) Now, I’m sure being in the…
Read More Phishing and ClearancesI’m getting ready to announce an East coast book tour. In planning my Silicon Valley tour, I learned that between scheduling, getting the details needed out, making sure I knew where I was sleeping, there was a large amount of administrative work involved. So I’d like to hire someone to take care of all that…
Read More Virtual assistant services?Growing up, we were told by guidance counselors, career advice books, the news media and others to “follow our passion.” This advice assumes that we all have a pre-existing passion waiting to be discovered. If we have the courage to discover this calling and to match it to our livelihood, the thinking goes, we’ll end…
Read More Follow your passion?There’s a fascinating interview with Mark Templeton of Citrix in the New York Times. It closes with the question of advice he gives to business students: There are two strategies for your life and career. One is paint-by-numbers and the other is connect-the-dots. I think most people remember their aunt who brought them a gift…
Read More Two Models of Career PlanningSomeone reached out to me about a job that looks really interesting: The Director of Security Experience, Education & Research (SEER) will be responsible for defining the customer-facing security strategy for PayPal , define product roadmaps to enhance feature security and usability, drive customer security best practices adoption throughout our industry, and drive customer security…
Read More Fascinating Job at PayPalToday, we are sticking our noses in a place about which we know fairly little: the ISC(2) elections. We’re endorsing a guy we don’t know, Wim Remes, to shake stuff up. Because, really, we ought to care about the biggest and oldest certification in security, but hey, we don’t. And really, that’s a bit of…
Read More Emergent Chaos endorses Wim Remes for ISC(2) BoardI am honored that the kind folks at threapost have asked me to write for them occasionally. My first post is about better security through diversity of thinking which was inspired by pastry chef Shuna Fish Lydon. From her post (which I quoted in mine as well) It is my experience that unless you push…
Read More Punditry: Better Security Through Diversity Of ThinkingTen years ago, I left Boston to go work at an exciting startup called Zero-Knowledge Systems. Zero-Knowledge was all about putting the consumer in control of their privacy. Even looking back, I have no regrets. I’m proud of what I was working towards during the internet bubble, and I know a lot of people who…
Read More Ten Years Ago: Reminiscing about Zero-KnowledgeThe Daily Beast has a fascinating article that is a tell-all from a Madoff employee. I blinked as I read: The employee learned the salaries of his colleagues when he secretly obtained a document listing them. “A senior computer programmer would make $350,000, where in most comparable firms they would be getting $200,000 to $250,000….”…
Read More Double-take Department, Madoff Division