Post thumbnail
I’m excited to be teaming up with Alpha Strike and Limes Security to deliver training in Vienna November 6-8. Details are available at Embedded Systems Security Days.
Read More Training At Embedded Systems Security Days
Post thumbnail
Wow. Blackhat, Defcon, I didn’t make any of the other conferences going on in Vegas. And coming back it seems like there’s a sea of things to follow up on. A little bit of organization is helping me manage better this year, and so I thought I’d share what’s in my post-conference toolbox. I’m also…
Read More Toolbox: After a ConferenceShortly, I’m off to Blackhat. My Threat Modeling Intensive classes both sold out (thank you!) Nearly a decade ago, I put forth a set of best practices: Breath mints Ricola Purell Advil Gatorade This year, I’m adding a travel humidifier. I’ve been using this one, and it really needs to soak for 10 minutes, but…
Read More Blackhat Best PracticeAlexandre Sieira has some very interesting and actionable advice from looking at the Capital One Breach in “Learning from the July 2019 Capital One Breach.” Alex starts by saying “The first thing I want to make clear is that I sympathize with the Capital One security and operations teams at this difficult time. Capital One…
Read More Actionable Followups from the Capital One Breach
Post thumbnail
There was a really interesting paper at the Workshop on the Economics of Information Security. The paper is “Valuing CyberSecurity Research Datasets.” The paper focuses on the value of the IMPACT data sharing platform at DHS, and how the availability of data shapes the research that’s done. On its way to that valuation, a very…
Read More Valuing CyberSecurity Research Datasets
Post thumbnail
Today is the 50th Anniversary of “One small step for a man, one giant leap for mankind.” It’s an event worth celebrating, in the same way we celebrate Yuri’s Night. The holy days — the holidays — that we celebrate say a great deal about us. They shape who we are. The controversies that emerge…
Read More Happy Apollo Day!A Man on the Moon, Andrew Chaikin is probably the best of the general histories of the moon landings. Failure is not an Option, by Gene Kranz, who didn’t actually say that during Apollo 13. Marketing The Moon by David Scott and Richard Jurek. I was surprised what a good history this was, and how…
Read More Books Worth Reading: Q2 2019 (Apollo Edition)Conflict online — bullying, trolling, threats and the like are everywhere. The media coverage is shifting from “OMG what are we doing about this?!” to “Wow, this is really hard.” (Ayup) I’ve been exploring how to engineer for these problems, and I joined Chris Romeo and Robert Hurlbut to talk about it on the AppSec…
Read More Threat Modeling at Layer 8There’s a new draft available from NIST, “Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF).” They are accepting comments through August 5th.
Read More NIST on SDLs
Post thumbnail
“Safety First For Automated Driving” is a big, over-arching whitepaper from a dozen automotive manufacturers and suppliers. One way to read it is that those disciplines have strongly developed safety cultures, which generally do not consider cybersecurity problems. This paper is the cybersecurity specialists making the argument that cyber will fit into safety, and how…
Read More Safety and Security in Automated Driving