I posted this image in 2004. . Even more relevant now. While we have a country that is clearly divided, the dividing lines are not so neat as the maps showing states going one way or the other. Updated Nov 7, see also purplestatesofamerica.org/.
Read More Maps and Visualization
Post thumbnail
The first function of democracy is to enable the peaceful handover of power from one group to another. For this, all its myriad sins are forgiven. The peaceful handover of power from one group to another is not a sure thing. Historically, it’s something of an aberration. There are all sorts of reasons, when you…
Read More On LegitimacyWith three days to the US election, the outrage machines are running on all cylinders. It’ll be easier to stay happy if you remember to notice them. To be clear, I’m not using a metaphor. Websites from news to social media use data to drive stories. Twitter’s top tweets, Facebook’s timeline, your local newspaper, but…
Read More Notice the Outrage MachinesIn a simpler age, Matt Stoller famously lost his job for critiquing Google. He has a really interesting article summarizing and analyzing the massive anti-trust report at Congress Gets Ready to Smash Big Tech Monopolies. If you’re like me, unsure if or how this might matter, take the time to read what he said. (Via…
Read More On Monopolies
Post thumbnail
I haven’t talked about it much, but I spent the first few months of the pandemic learning how to deliver effective training in a distributed (online) model. I’m really proud that our distributed class NPS customer satisfaction scores are now comparable to our in-person classes. Also it’s been a lot of hard work, and in…
Read More Training: Threat Modeling for Security ChampionsThe reason I hate compliance programs is because they’re lists of things we need to do, and many times, those things don’t seem to make a great deal of sense. In threat modeling, I talk about the interplay between threats, controls, and requirements, and I joke that “a requirement to have a control absent any…
Read More A PCI Threat ModelI joined Vin Nelsen for the Multi-Hazards podcast. If you’re looking for me to go beyond the bounds of technology threat modeling, this was, an interesting, far-ranging conversation about the state of the world. He also creates a study guide per episode — don’t miss the subtly labeled pdf there. I didn’t join in Security…
Read More Mentions
Post thumbnail
There’s a good, long article at MartinFowler.com “A Guide to Threat Modelling for Developers.” It’s solid work and I’m glad its out there. And I want to do something I don’t usually do, which is quibble with footnotes. Jim writes in footnote 2: Adam Shostack, who has written extensively on threat modelling and has provided…
Read More Starting Threat Modeling: Focused Retrospectives are Key
Post thumbnail
There’s been a lot of talk over the last week about “updating threat models” in light of the Tesla insider story. (For example.) I’m getting this question a fair bit, and so wanted to talk about insiders in particular, and how to use the news in threat modeling more generally. This also is a great…
Read More Threat Modeling, Insiders and IncentivesPhil Venables is one of the more reflective and thoughtful CSOs out there, and in this era where everything is a tweet or a linkedin post (sigh) you may have missed that Phil has a blog. This Labor day, why not take the time to catch up on his writing?
Read More Phil Venables Blogging