I could say “rock music is dead” and a bunch of fans will crawl out of the woodwork to list all their favorite rock bands. And I’m sure they’re all good! But that doesn’t fix the problem. If I point out that young men are wildly underrepresented in YA fiction, people will pop out of a hole in the ground…
Dating back for decades now, most major companies and enterprises have had “security” teams. Sometimes called “IT Security” or “infrastructure security” or something along those lines. This group was responsible for everything from security policies to risk reviews to approving firewall changes. Sometimes they’d own things like IDS/IPS, anti-virus, and often strictly security tools like a SIEM, a WAF, or…
Recently I had a conversation with my team manager, and the conversation turned to “where do you see the future of security going?” It didn’t take much thought to come up with an answer: more analytics, more automation, fewer people. Let’s approach these one at a time. More Analytics: Not everything can be reduced to raw numbers, but don’t tell…
I write code. I’m not a programmer. I am a security engineer who can code. Why is that important?
The Maginot Line in World War II was the French defense against invading German forces. It covered almost the entire perimeter of the country, was impervious to attacks from the air or ground, and had backup supply lines on the inside of the perimeter. It was well staffed with trained and experienced soldiers. It was hugely expensive, state-of-the-art, and considered…
(At the time I wrote this (2017), I had never heard of “zero trust networking”. Looking back, that’s what I’m describing in this post. If you’re interested in these concepts, please read up on zero trust.) The way we are dealing with security is all wrong. No one can deny it, but no one is doing anything about it. Why?…