Winning Systems & Security Practitioners 7. Attack Surface Reduction

2000 words, 10 minutes. Attack Surface Reduction: “Out of every hundred men, ten shouldn’t be there, eighty are just targets” - Heraclitus, 535 - 475 BC. My posts on Winning Systems for Cyber Security Practitioners are my most popular. In them I attempt to change your perspective on the relative importance of products and skills in securing what’s precious to you. I make the case for using systems (in the broadest sense of the word) not goals. »

Geopolitics For Fun & Profit

1750 words, 9 minutes. “Who rules East Europe commands the Heartland. Who rules the Heartland commands the World-Island. Who rules the World-Island commands the world.” - Sir Halford Mackinder, Democratic Ideals and Reality. 1919. Do you work in technology, are you building a company? You should think about how your product or service fits with the wider world, because aligning with large movements is a winning system. Amongst my tweets on Cyber Security, Product Management, and company building, I occasionally mention International Relations or Geopolitics. »

A Universal Lemma For Compliance

2500 words, 12 minutes. Here I describe a lemma or helping theorem for technical compliance of IT with a focus on Information Security. It’s an approach for all compliance regimes whether regulatory or corporate. It doesn’t date, nor is it predicated on a technology or platform. It isn’t a trick. It doesn’t provide cover for inadequate security or incompetent staff. If you’re looking to evade compliance, disguise incompetence, or shirk accountability then you’re in the wrong article. »

NSA PRISM's Commercial Cousin

2200 words, 11 minutes. “In 1882 I was in Vienna, where I met an American whom I had known in the States. He said: ‘Hang your chemistry and electricity! If you want to make a pile of money, invent something that will enable these Europeans to cut each others’ throats with greater facility.’” - Hiram Maxim. Selling arms during an arms race is such an interesting topic it warrants its own post. »

Avoiding The Infosec Extinction Part 2.

1600 words, 8 minutes. Turning Up The Magnification: This is the second of a short series of posts about the Cyber Security market. This market is interesting now because I believe it’s at a juncture where we can choose one of two possible futures. We being the product builders, investors, and customers. In the previous post I presented you with a choice. A choice between a beautiful fantasy, and practical reality. »