This post introduces the Security Obstructionism (SecObs) market, examining its role in enterprise infosec programs, why it’s so pernicious, and why DevSecOps is just SecObs wrapped with the shiny bow of modernity.
Visualizing the turkey pardon game theory conflict featured in Rick and Morty season 5 episode 6 as a decision tree created using the Deciduous app.
Introducing Deciduous, a web app that lets you generate security decision trees (aka attack trees) with minimal effort.
This post walks through creating a decision tree for pragmatic threat modeling using the open source graph visualization tool Graphviz (with an AWS S3 bucket containing sensitive data as an example).
This post will explore why both YOLO security (YOLOsec) and FOMO security (FOMOsec) are pernicious disservices to infosec defense and how you can spot them so that you may yeet them from your organization’s security strategy.
A short primer on what resilience means in information security, intended as a resilience 101 resource for people who build, maintain, and secure systems or lead teams who do.
A look at the infosec industry’s hierarchy of product needs and what drives vendor selection. #antisec
This post will explore my thoughts on how the economics of physical ransom translate to digital ransom, and how we as an industry might want to reconceive our current approaches to considering and dealing with ransomware – and the criminals who run ransomware campaigns.