https://blog.eutopian.io/tags/evergreen/ Recent content in evergreen on Privacy, Power, & Protection In The Cyber Century Hugo -- gohugo.io en-gb All rights reserved - 2017 Tue, 07 May 2019 11:00:30 +0000 https://blog.eutopian.io/the-projectionist/ Tue, 07 May 2019 11:00:30 +0000 https://blog.eutopian.io/the-projectionist/ 750 words, 3 minutes. The reason I don’t post on Cyber Security current affairs? It’s a scramble to be first. If I’m to write something, what should it be? What’s my angle? Which lens do I use on the microscope, or since this is a mass medium, the projector? What film can I show you that you haven’t already seen a dozen times? I’ll attempt to answer these questions here, and in so doing introduce what may become a new thread of posts. https://blog.eutopian.io/documenting-breaches-with-h-diagrams/ Wed, 17 Apr 2019 12:00:30 +0000 https://blog.eutopian.io/documenting-breaches-with-h-diagrams/ 1500 words, 6 minutes. “For the sake of brevity, we will always represent this number by the letter e” - Leonhard Euler, Mechanica. 1736. Illustration Pub. 1881. What if you could understand and explain any breach 10x faster? Security breaches are a staple of mainstream news. In the past, details only emerged through technical analysis, research papers, and the forensic review of press releases. Occasionally we’d be gifted with a customer letter or the suspicious timing of a patch or update. https://blog.eutopian.io/attack-surface-reduction-by-dynamic-compilation/ Thu, 21 Mar 2019 12:00:30 +0000 https://blog.eutopian.io/attack-surface-reduction-by-dynamic-compilation/ 1850 words, 7 minutes. …or, how the cave fish lost his eyes. Iranocypris typhlops - 1944, By B.Coad for Bruun & Kaiser. This post follows directly from the last. In that post, we learned that everyone could do something to reduce their attack surface and decrease the likelihood of a breach. I’m going to show you what that winning system looks like when taken to its ultimate logical conclusion. The logic goes something like this: https://blog.eutopian.io/winning-systems-security-practitioners-7.-attack-surface-reduction/ Sun, 17 Feb 2019 14:00:30 +0000 https://blog.eutopian.io/winning-systems-security-practitioners-7.-attack-surface-reduction/ 2000 words, 7 1/2 minutes. Attack Surface Reduction Illustrerad verldshistoria utgifven av E. Wallis. volume I. 1875-9. “Out of every hundred men, ten shouldn’t be there, eighty are just targets” Heraclitus 535 - 475 BC. My posts on Winning Systems for Cyber Security Practitioners are my most popular. In them, I attempt to change your perspective on the relative importance of products and skills in securing what’s precious to you. https://blog.eutopian.io/geopolitics-for-fun-profit/ Thu, 25 Oct 2018 08:38:04 +0100 https://blog.eutopian.io/geopolitics-for-fun-profit/ 1750 words, 7 minutes. Sketch by Sir William Rothenstein, 1933. “Who rules East Europe commands the Heartland. Who rules the Heartland commands the World-Island. Who rules the World-Island commands the world." - Sir Halford Mackinder, Democratic Ideals and Reality. 1919. Do you work in technology, are you building a company? You should think about how your product or service fits with the wider world because aligning with large movements is a winning system. https://blog.eutopian.io/a-universal-lemma-for-compliance/ Mon, 27 Aug 2018 19:38:04 +0100 https://blog.eutopian.io/a-universal-lemma-for-compliance/ 2500 words, 9 1/2 minutes. Matthew Hopkins, Witchfinder General. 1647 Engraving. Here I describe a lemma1 or helping theorem for technical compliance of IT with a focus on Information Security. It’s an approach for all compliance regimes whether regulatory or corporate. It doesn’t date, nor is it predicated on a technology or platform. It isn’t a trick. It doesn’t provide cover for inadequate security or incompetent staff. If you’re looking to evade compliance, disguise incompetence, or shirk accountability then you’re in the wrong article. https://blog.eutopian.io/the-largest-open-goal-in-cyber-security/ Wed, 01 Aug 2018 10:00:30 +0000 https://blog.eutopian.io/the-largest-open-goal-in-cyber-security/ 1000 words, 4 minutes. “But how was one to explain repeated instances of derisive laughter at melodramas and films that hardly set out to be funny?" - Prof. Eric Rentschler1 Out of place laughter is an anarchist in the dark. Someone who refuses to let the film cast its spell. Imagery is important. Moving or still. Whether it be religious iconography, depictions of national myth, a coat of arms, a rallying military standard, your company’s brand, or something as incidental as clip art. https://blog.eutopian.io/an-idea-whose-time-has-come/ Thu, 17 Aug 2017 10:00:30 +0000 https://blog.eutopian.io/an-idea-whose-time-has-come/ 950 words, 4 1/2 minutes. Hugo by Étienne Carjat, 1876 “Nothing is as powerful as an idea whose time has come." - Victor Hugo. This is the second of two posts on strategic software. The first explained what it is, what it does, and where to find it. Now I’ll tell you why it’s an idea whose time has come. I’ll tell you why it will be more powerful in some respects than traditional politics and how it will come to shape the world. https://blog.eutopian.io/the-age-of-strategic-software/ Tue, 15 Aug 2017 10:00:30 +0000 https://blog.eutopian.io/the-age-of-strategic-software/ 1300 words, 5 minutes. Belloc by E. O. Hoppé, 1915. “Whatever happens, we have got the Maxim gun, they have not." - Hilaire Belloc. Once upon a time software was just for counting beans. It counted more beans faster and cheaper than anything else. Then computers became personal, then portable, then pocketable. All sorts of different kinds of software were created to serve the people and help them do their jobs better. https://blog.eutopian.io/beating-the-samson-option/ Thu, 27 Jul 2017 10:00:30 +0000 https://blog.eutopian.io/beating-the-samson-option/ 1300-1600 words, 6 1/2 to 8 1/2 minutes. An Etching of Samson by Julius Schnorr von Carolsfeld, from an 1882 German Bible. “He grasped two pillars of the temple and bowed himself with all his might” - Judges 16:30. Introduction This post is about online services which rely partly, or wholly, on user-contributed content. It’s about what happens to that content if those services close. I’ll examine the constraints and motivations of the parties involved. https://blog.eutopian.io/winning-systems-security-practitioners-6.-final-remarks/ Fri, 30 Jun 2017 15:00:30 +0000 https://blog.eutopian.io/winning-systems-security-practitioners-6.-final-remarks/ 550 words, 2 minutes. Final Remarks “All men can see the tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved” - Sun Tzu. This is the 6th and final post in a short series on winning systems for security practitioners. The first postfeels like a while ago already, about 6000 words or 25 minutes. Those minutes haven’t been wasted. The Inevitable Car Analogy If you’ve come this far then you’ve already completed one whole lap around the circuit of winning systems. https://blog.eutopian.io/winning-systems-security-practitioners-5.-resilience/ Fri, 30 Jun 2017 14:00:30 +0000 https://blog.eutopian.io/winning-systems-security-practitioners-5.-resilience/ 1450 words, 5 1/2 minutes. Resilience “In defeat: Defiance” - Winston S. Churchill. This is part 5 of 6 in a short series of posts on winning systems for Information Security practitioners. It aims to plug the gap between policy and products and put you, the practitioner, back in the driving seat. After all if you don’t know what system you’re implementing, how can you decide what products or features are important to you? https://blog.eutopian.io/winning-systems-security-practitioners-4.-robustness/ Fri, 30 Jun 2017 13:00:30 +0000 https://blog.eutopian.io/winning-systems-security-practitioners-4.-robustness/ 1200 words, 5 minutes. Robustness “The first virtue in a soldier is endurance of fatigue." - Napoleon Bonaparte. This is part 4 of 6 in a short series of posts on winning systems for Information Security practitioners. It aims to plug the gap between policy and products and put you, the practitioner, back in the driving seat. After all if you don’t know what system you’re implementing, how can you decide what products or features are important to you? https://blog.eutopian.io/winning-systems-security-practitioners-3.-responsiveness/ Fri, 30 Jun 2017 12:00:30 +0000 https://blog.eutopian.io/winning-systems-security-practitioners-3.-responsiveness/ 1100 words, 4 1/2 minutes. Responsiveness “No battle plan ever survives contact with the enemy” - Helmuth von Moltke. This is part 3 of 6 in a short series of posts on winning systems for Information Security practitioners. It aims to plug the gap between policy and products and put you, the practitioner, back in the driving seat. After all if you don’t know what system you’re implementing, how can you possibly decide what products or features are important to you? https://blog.eutopian.io/winning-systems-security-practitioners-2.-preparation/ Fri, 30 Jun 2017 11:00:30 +0000 https://blog.eutopian.io/winning-systems-security-practitioners-2.-preparation/ 1100 words, 4 1/2 minutes. Preparation “One of the best ways to keep peace is to be prepared for war” - Plato & others. Today attacks come thick and fast. The chances are that all public IPv4 address space is regularly scanned. Time-to-compromise of an unpatched, non-firewalled, Microsoft Windows host is about 5 minutes. Systems are attacked not because they are valuable, but because they are vulnerable. Even an old cable-modem is a useful addition to a botnet. https://blog.eutopian.io/winning-systems-security-practitioners-1.-introduction/ Fri, 30 Jun 2017 10:00:30 +0000 https://blog.eutopian.io/winning-systems-security-practitioners-1.-introduction/ 1100 words, 4 1/2 minutes. Introduction “Never tell people how to do things. Tell them what to do and they will surprise you with their ingenuity." - George S. Patton If you’ve read my previous postyou’ll know that to get beneficial, long lasting, low-maintenance results in Information Security, you need winning systems. Not skills. If you like grinding monotony punctuated by periods of extreme stress and being able to tell people how busy you constantly are, you can safely return to your to-do list. https://blog.eutopian.io/forget-solving-the-cyber-security-skills-shortage/ Fri, 30 Jun 2017 09:00:30 +0000 https://blog.eutopian.io/forget-solving-the-cyber-security-skills-shortage/ 1100 words, 4 minutes. This post is one of a short series on structural and systemic things the Information Security industry does wrong, and what we might do about them. Disclaimer: I advocate lifelong learning, that includes professional training, product training, workshops, online or in-person courses, and academic study. The professional trainers I know who author and deliver their own material are among the most mentally agile people I’ve ever met.