Is it naïve of us to think we can ever be perfectly secure? Whether it’s physically or digitally there is always a risk that something bad is going to happen. To protect ourselves physically we install alarms, locks, buy safe cars, have automatic lights, ...

This was my second year at the RSA Conference. It was interesting to come back as a "veteran" to the largest security conference (24k attendees according to rumor). I consider myself a veteran since I didn't really see differences between ...

I see sessions popping up in conferences and articles lately prophesying the demise of DLP and that DLP has run its course and is something companies should avoid. I have to ask a simple question: Why is it when attackers get more creative and cunning ...

Welcome back! This final installment of the “Firefox & Web Application Security: Arming Your Browser” series will focus on add-ons that can be used to launch hardcore attacks against the target web application. This installment isn’t for the faint of ...

The United States is ranked #1 for malicious activity by source and we are responsible for just over 21% of all of the malicious activity.  Much of this has to do with my mother the innocent victim who doesn’t know any better and doesn’t even know there ...

Thanks to regulatory requirements most everyone in the corporate world in the US is required to have official annual information security awareness/education/training. This isn't a bad thing per se, but I doubt few of us go beyond a stack of ...

You know, it’s 2013 and we still have this issue of employees believing that corporate data is their own to do with as they please. In a recent Ponemon survey report ~two thirds of employees believe this to be true. Unfortunately, this is an incredibly ...

It’s all your fault, really, it is. Whether it’s a lack of caring, naivety or a misunderstanding you executives of companies and leaders of agencies have helped to create an underground ecosystem for attackers to collaborate and coordinate attacks ...