22 March 2019
Have you ever stopped to ask yourself if the things you are defending against are really your biggest security problems? I am going to challenge you to think about things a little differently, as I have been myself recently. Prepare yourself, as this may challenge some of your core security beliefs, things we have been taking as gospel since the early days of securing networks. We all know our time is precious and limited, so it is more important than ever to use what time we have wisely. That is exactly why I think we need to look deep into our beliefs and be willing to challenge ourselves on a profound, uncomfortable level. So, let’s make an attempt to be completely and utterly honest with ourselves about our security assumptions. Do you require users to have long, complex passwords and expect them not to write them down? Do you use firewalls to cover up unpatched software, block access to vulnerable or unused services or to make up for poor configuration? What about Full Disk Encryption? Do you deploy that on every machine in your organization?
5 November 2018
So, you want to be a road warrior? Maybe your job has morphed into something where travel is now part of the fun. Or maybe travel is required to reach that InfoSec rock star status you've always desired. Either way, I want to share some of the tips and tricks I have learned during my stints traveling for a living in the hope that some travel hacking will make things a little easier for you. First off, let me offer a sincere, “Welcome to the club”! In no time at all, you too will have the 1000-yard stare and be able to tell the difference between an Airbus A319 and an Airbus A319EOW by the number of life rafts and vests. This is an invaluable skill which you can use to impress family and friends at the next holiday gathering. I’ve had a couple of different road warrior jobs. Both have involved flying often. In my first travel job, I was a field service engineer fixing cancer diagnostics equipment in hospitals and labs across the western United States. That job was pre-9/11 and involved flying to a different city every day, while usually only finding out my destination while driving to the airport. My second real road warrior job is the one I am in now as the Security Awareness Advocate for KnowBe4. In this role, I get to travel all over the United States to speak and work at cybersecurity conferences and similar events. While I typically only stay for a day or two at a time, this still involves a lot [...]
10 July 2018
Phishing attacks have become a common factor in our daily routines for businesses and in our personal lives. There are many different types of phishing attacks, each of which requires a slightly different defense while having some commonalities as well. This article covers a specific type of attack called credential phishing and ways to protect against it. While you may […]
22 May 2018
J0hn_D0ugh$ – So there I was once again enjoying my victory. I wasn’t technically done yet; however, all of the hard stuff had already been done. I’m not a hacker just for the money. I’ve made enough of that already. Such is the life for a modern-day hacker. It’s really more about the challenge. Sadly, however, many of these […]