Documenting Breaches With H Diagrams

1500 words, 6 minutes. “For the sake of brevity, we will always represent this number by the letter e” - Leonhard Euler, Mechanica. 1736. What if you could understand and explain any breach 10x faster? Security breaches are a staple of mainstream news. In the past, details only emerged through technical analysis, research papers, and the forensic review of press releases. Occasionally we’d be gifted with a customer letter or the suspicious timing of a patch or update.

Attack Surface Reduction By Dynamic Compilation

1850 words, 7 minutes. …or, how the cave fish lost his eyes. This post follows directly from the last. In that post we learned that everyone could do something to reduce their attack surface and decrease the likelihood of breach. I’m going to show you what that winning system looks like when taken to its ultimate logical conclusion. The logic goes something like this: Software security flaws are commonplace.

Geopolitics For Fun & Profit

1750 words, 7 minutes. “Who rules East Europe commands the Heartland. Who rules the Heartland commands the World-Island. Who rules the World-Island commands the world.” - Sir Halford Mackinder, Democratic Ideals and Reality. 1919. Do you work in technology, are you building a company? You should think about how your product or service fits with the wider world, because aligning with large movements is a winning system. Amongst my tweets on Cyber Security, Product Management, and company building, I occasionally mention International Relations or Geopolitics.

A Universal Lemma For Compliance

2500 words, 9½ minutes. Here I describe a lemma, or helping theorem, for technical compliance of IT with a focus on Information Security. It’s an approach for all compliance regimes, whether regulatory or corporate. It doesn’t date, nor is it predicated on a technology or platform. It isn’t a trick. It doesn’t provide cover for inadequate security or incompetent staff. If you’re looking to evade compliance, disguise incompetence, or shirk accountability then you’re in the wrong article.

Avoiding The Infosec Extinction Part 2.

1600 words, 8 minutes. Turning Up The Magnification. This is the second of a short series of posts about the Cyber Security market. This market is interesting now because I believe it’s at a juncture where we can choose one of two possible futures. We being the product builders, investors, and customers. In the previous post I presented you with a choice. A choice between a beautiful fantasy, and practical reality.