Winning Systems & Security Practitioners 2. Preparation

1100 words, 4 1/2 minutes. Preparation “One of the best ways to keep peace is to be prepared for war” - Plato & others. Today attacks come thick and fast. The chances are that all public IPv4 address space is regularly scanned. Time-to-compromise of an unpatched, non-firewalled, Microsoft Windows host is about 5 minutes. Systems are attacked not because they are valuable, but because they are vulnerable. Even an old cable-modem is a useful addition to a botnet. »

Winning Systems & Security Practitioners 1. Introduction

1100 words, 4 1/2 minutes. Introduction “Never tell people how to do things. Tell them what to do and they will surprise you with their ingenuity.” - George S. Patton If you’ve read my previous post you’ll know that to get beneficial, long-lasting, low-maintenance results in Information Security, you need winning systems. Not skills. If you like grinding monotony punctuated by periods of extreme stress and being able to tell people how busy you constantly are, you can safely return to your to-do list. »

Forget Solving The Cyber Security Skills Shortage

1100 words, 4 minutes. This post is one of a short series on structural and systemic things the Information Security industry does wrong, and what we might do about them. Disclaimer: I advocate lifelong learning, that includes professional training, product training, workshops, online or in-person courses, and academic study. The professional trainers I know who author and deliver their own material are among the most mentally agile people I’ve ever met. »

The Age Of Invisible Disasters

1400 words, 5 minutes. The Tay Bridge disaster occurred during a violent storm on 28th December 1879 when the first Tay Rail Bridge collapsed while a train was passing over it from Wormit to Dundee, killing all 70 people aboard. It is widely accepted by engineers that disasters teach us more than successes. Said another way, we don’t learn from the bridge that stays standing. After the Tay Bridge disaster there was an investigation. »

Elephant Proofing Your Web Servers

750 words, 3 minutes. The Case For Default Deny What’s free, permanently reduces your exposure to a range of potential vulnerabilities, requires no maintenance, and takes only a few minutes to implement? Most web servers are installed to serve content to unauthenticated users on the Internet. Most only have a finite list of URLs or a specific number of web apps. I’ve always thought it strange that they install in a default-permit mode. »