- The Perfect Timing of COVID
Over this series of posts, I will explore several areas where the timing of the 2019 COVID pandemic coincided with other factors that greatly improved our ability as a society to respond effectively. I will focus on work-related aspects of our societal response.
- Should I buy an EDR, PAM, or DLP? How do I know?
The information security space is awash in point technology solutions. If you’ve been to the RSA conference (when we ventured out to such places, pre-pandemic), you know how dense and vast the vendor exhibit halls can seem – it’s hard to know what Company A does, and how it’s different than Companies B thru ZZZ.
- Preparing for COVID-19: An Infosec Perspective
As we all consider the implications of COVID-19 to our organizations, a few thoughts for information security and business continuity practitioners to specifically think about.
- On Offense Informed Defense: Why do we buy the things we buy? (Part 1)
Ask any experienced offensive tester about the latest whiz-bang infosec tool, and you’ll get a predictably skeptical response. Sometimes skeptical would be putting it mildly. You’ll hear impassioned arguments like “Would you know if you’re being sprayed? Are you sure? Are you really sure? How do you know?”
- The Massive Equifax Breach May Reduce the Strength of “Out of Wallet” Authentication Techniques
Equifax announced a breach potentially impacting 143 million U.S. consumers. My initial concern beyond potential “routine” identity fraud is the erosion of identity proofing techniques based on “out of wallet” (OOW) questions.