Attack Surface Reduction By Dynamic Compilation

1850 words, 9 1⁄2 minutes. …or, how the cave fish lost his eyes. This post follows directly from the last. In that post we learned that everyone could do something to reduce their attack surface and decrease the likelihood of breach. I’m going to show you what that winning system looks like when taken to its ultimate logical conclusion. The logic goes something like this: Software security flaws are commonplace. »

Winning Systems & Security Practitioners 7. Attack Surface Reduction

2000 words, 10 minutes. Attack Surface Reduction “Out of every hundred men, ten shouldn’t be there, eighty are just targets” Heraclitus 535 - 475 BC. My posts on Winning Systems for Cyber Security Practitioners are my most popular. In them I attempt to change your perspective on the relative importance of products and skills in securing what’s precious to you. I make the case for using systems (in the broadest sense of the word) not goals. »

Winning Systems & Security Practitioners 6. Final Remarks

550 words, 2 1⁄2 minutes. Final Remarks “All men can see the tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved” - Sun Tzu. This is the 6th and final post in a short series on winning systems for security practitioners. The first post feels like a while ago already, about 6000 words or 25 minutes. Those minutes haven’t been wasted. »

Winning Systems & Security Practitioners 5. Resilience

1450 words, 6 minutes. Resilience “In defeat: Defiance” - Winston S. Churchill. This is part 5 of 6 in a short series of posts on winning systems for Information Security practitioners. It aims to plug the gap between policy and products and put you, the practitioner, back in the driving seat. After all, if you don’t know what system you’re implementing, how can you decide what products or features are important to you? »

Winning Systems & Security Practitioners 4. Robustness

1200 words, 5 minutes. Robustness “The first virtue in a soldier is endurance of fatigue.” - Napoleon Bonaparte. This is part 4 of 6 in a short series of posts on winning systems for Information Security practitioners. It aims to plug the gap between policy and products and put you, the practitioner, back in the driving seat. After all, if you don’t know what system you’re implementing, how can you decide what products or features are important to you? »