Attack Surface Reduction By Dynamic Compilation

1850 words, 7 minutes. …or, how the cave fish lost his eyes. This post follows directly from the last. In that post, we learned that everyone could do something to reduce their attack surface and decrease the likelihood of a breach. I’m going to show you what that winning system looks like when taken to its ultimate logical conclusion. The logic goes something like this: Software security flaws are commonplace.

Winning Systems & Security Practitioners 7. Attack Surface Reduction

2000 words, 7 1⁄2 minutes. Attack Surface Reduction “Out of every hundred men, ten shouldn’t be there, eighty are just targets” Heraclitus 535 - 475 BC. My posts on Winning Systems for Cyber Security Practitioners are my most popular. In them, I attempt to change your perspective on the relative importance of products and skills in securing what’s precious to you. I make the case for using systems (in the broadest sense of the word) not goals.

Work In Progress

650 words, 2 1⁄2 minutes. A Metapost This is a post about posting. Expect changes, deletions, corrections and improvements. From my first post in July 2017: I expect much of the content here to be around the subject of what we now call Cyber Security, since this is a field I began researching around 1990 and have worked professionally within for years in both an offensive and defensive capacity.

Nick Hutton on #meta,

Geopolitics For Fun & Profit

1750 words, 7 minutes. “Who rules East Europe commands the Heartland. Who rules the Heartland commands the World-Island. Who rules the World-Island commands the world.” - Sir Halford Mackinder, Democratic Ideals and Reality. 1919. Do you work in technology, are you building a company? You should think about how your product or service fits with the wider world because aligning with large movements is a winning system. Amongst my tweets on Cyber Security, Product Management, and company building, I occasionally mention International Relations or Geopolitics.

A Universal Lemma For Compliance

2500 words, 9 1⁄2 minutes. Here I describe a lemma¹ or helping theorem for technical compliance of IT with a focus on Information Security. It’s an approach for all compliance regimes whether regulatory or corporate. It doesn’t date, nor is it predicated on a technology or platform. It isn’t a trick. It doesn’t provide cover for inadequate security or incompetent staff. If you’re looking to evade compliance, disguise incompetence, or shirk accountability then you’re in the wrong article.