The Projectionist

750 words, 3 minutes. The reason I don’t post on Cyber Security current affairs? It’s a scramble to be first. If I’m to write something, what should it be? What’s my angle? Which lens do I use on the microscope, or since this is a mass medium, the projector? What film can I show you that you haven’t already seen a dozen times? I’ll attempt to answer these questions here, and in so doing introduce what may become a new thread of posts. »

Documenting Breaches With H Diagrams

1500 words, 6 minutes. “For the sake of brevity, we will always represent this number by the letter e” - Leonhard Euler, Mechanica. 1736. What if you could understand and explain any breach 10x faster? Security breaches are a staple of mainstream news. In the past, details only emerged through technical analysis, research papers, and the forensic review of press releases. Occasionally we’d be gifted with a customer letter or the suspicious timing of a patch or update. »

Attack Surface Reduction By Dynamic Compilation

1850 words, 7 minutes. …or, how the cave fish lost his eyes. This post follows directly from the last. In that post, we learned that everyone could do something to reduce their attack surface and decrease the likelihood of a breach. I’m going to show you what that winning system looks like when taken to its ultimate logical conclusion. The logic goes something like this: Software security flaws are commonplace. »

Winning Systems & Security Practitioners 7. Attack Surface Reduction

2000 words, 7 1/2 minutes. Attack Surface Reduction “Out of every hundred men, ten shouldn’t be there, eighty are just targets” Heraclitus 535 - 475 BC. My posts on Winning Systems for Cyber Security Practitioners are my most popular. In them, I attempt to change your perspective on the relative importance of products and skills in securing what’s precious to you. I make the case for using systems (in the broadest sense of the word) not goals. »

Work In Progress

650 words, 2 1/2 minutes. A Metapost This is a post about posting. Expect changes, deletions, corrections and improvements. From my first post in July 2017: I expect much of the content here to be around the subject of what we now call Cyber Security, since this is a field I began researching around 1990 and have worked professionally within for years in both an offensive and defensive capacity. Cyber Security (or just security as we used to call it) now intersects with several of my other interests including geopolitics, propaganda, public policy, and privacy. »

Author image Nick Hutton on #meta,