The Projectionist

750 words, 3 minutes. The reason I don’t post on Cyber Security current affairs? It’s a scramble to be first. If I’m to write something, what should it be? What’s my angle? Which lens do I use on the microscope, or since this is a mass medium, the projector. What film can I show you that you haven’t already seen a dozen times? I’ll attempt to answer these questions here, and in so doing introduce what may become a new thread of posts. »

Documenting Breaches With H Diagrams

1500 words, 6 minutes. “For the sake of brevity, we will always represent this number by the letter e” - Leonhard Euler, Mechanica. 1736. What if you could understand and explain any breach 10x faster? Security breaches are a staple of mainstream news. In the past, details only emerged through technical analysis, research papers, and the forensic review of press releases. Occasionally we’d be gifted with a customer letter or the suspicious timing of a patch or update. »

Attack Surface Reduction By Dynamic Compilation

1850 words, 7 minutes. …or, how the cave fish lost his eyes. This post follows directly from the last. In that post we learned that everyone could do something to reduce their attack surface and decrease the likelihood of breach. I’m going to show you what that winning system looks like when taken to its ultimate logical conclusion. The logic goes something like this: Software security flaws are commonplace. »

Winning Systems & Security Practitioners 7. Attack Surface Reduction

2000 words, 7 1⁄2 minutes. Attack Surface Reduction “Out of every hundred men, ten shouldn’t be there, eighty are just targets” Heraclitus 535 - 475 BC. My posts on Winning Systems for Cyber Security Practitioners are my most popular. In them I attempt to change your perspective on the relative importance of products and skills in securing what’s precious to you. I make the case for using systems (in the broadest sense of the word) not goals. »

Winning Systems & Security Practitioners 6. Final Remarks

550 words, 2 minutes. Final Remarks “All men can see the tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved” - Sun Tzu. This is the 6th and final post in a short series on winning systems for security practitioners. The first post feels like a while ago already, about 6000 words or 25 minutes. Those minutes haven’t been wasted. »