One of the biggest problems information security encounters is either the perception or reality of slowing down the business. I’ve encountered this myself in my career.  One of the ways I dealt with this problem is through an effective use of the risk ...

Recently, there have been a string of high profile compromises attacking both could based services, a cloud based note taking site, a fast food companies Twitter account, as well as corporations and individuals.  A well known technology writer had his ...

Is it naïve of us to think we can ever be perfectly secure? Whether it’s physically or digitally there is always a risk that something bad is going to happen. To protect ourselves physically we install alarms, locks, buy safe cars, have automatic lights, ...

This was my second year at the RSA Conference. It was interesting to come back as a "veteran" to the largest security conference (24k attendees according to rumor). I consider myself a veteran since I didn't really see differences between ...

I see sessions popping up in conferences and articles lately prophesying the demise of DLP and that DLP has run its course and is something companies should avoid. I have to ask a simple question: Why is it when attackers get more creative and cunning ...

Welcome back! This final installment of the “Firefox & Web Application Security: Arming Your Browser” series will focus on add-ons that can be used to launch hardcore attacks against the target web application. This installment isn’t for the faint of ...

The United States is ranked #1 for malicious activity by source and we are responsible for just over 21% of all of the malicious activity.  Much of this has to do with my mother the innocent victim who doesn’t know any better and doesn’t even know there ...

Thanks to regulatory requirements most everyone in the corporate world in the US is required to have official annual information security awareness/education/training. This isn't a bad thing per se, but I doubt few of us go beyond a stack of ...