Attack Surface Reduction By Dynamic Compilation

1850 words, 7 minutes. …or, how the cave fish lost his eyes. Iranocypris typhlops - 1944, By B.Coad for Bruun & Kaiser. This post follows directly from the last. In that post, we learned that everyone could do something to reduce their attack surface and decrease the likelihood of a breach. I’m going to show you what that winning system looks like when taken to its ultimate logical conclusion. »

Winning Systems & Security Practitioners 7. Attack Surface Reduction

2000 words, 7 1⁄2 minutes. Attack Surface Reduction “Out of every hundred men, ten shouldn’t be there, eighty are just targets” Heraclitus 535 - 475 BC. My posts on Winning Systems for Cyber Security Practitioners are my most popular. In them, I attempt to change your perspective on the relative importance of products and skills in securing what’s precious to you. I make the case for using systems (in the broadest sense of the word) not goals. »

Work In Progress

650 words, 2 1⁄2 minutes. A Metapost This is a post about posting. Expect changes, deletions, corrections and improvements. From my first post in July 2017: I expect much of the content here to be around the subject of what we now call Cyber Security, since this is a field I began researching around 1990 and have worked professionally within for years in both an offensive and defensive capacity. »

Nick Hutton on #meta

Geopolitics For Fun & Profit

1750 words, 7 minutes. “Who rules East Europe commands the Heartland. Who rules the Heartland commands the World-Island. Who rules the World-Island commands the world.” - Sir Halford Mackinder, Democratic Ideals and Reality. 1919. Do you work in technology, are you building a company? You should think about how your product or service fits with the wider world because aligning with large movements is a winning system. Amongst my tweets on Cyber Security, Product Management, and company building, I occasionally mention International Relations or Geopolitics. »

A Universal Lemma For Compliance

2500 words, 9 1⁄2 minutes. Matthew Hopkins, Witchfinder General. 1647 Engraving. Here I describe a lemma or helping theorem for technical compliance of IT with a focus on Information Security. It’s an approach for all compliance regimes whether regulatory or corporate. It doesn’t date, nor is it predicated on a technology or platform. It isn’t a trick. It doesn’t provide cover for inadequate security or incompetent staff. If you’re looking to evade compliance, disguise incompetence, or shirk accountability then you’re in the wrong article. »