Around 2006 / 2007 I began blogging and tried to get into video blogging. Although I’d been working in information security for 7 years up to that point, I wasn’t well-connected in terms of what conferences ran, who the influencers were, or who the editors of any of the numerous security magazines or websites were. … Continue reading The Queen Agrees
Social channels are an oft-overlooked area when it comes to information security. Social channels are left in the hands of marketing departments for customer engagement purposes. However, the adoption of social digital tools for the purposes of conducting business is widespread and largely unregulated, creating a major area of risk for organisations. If we look … Continue reading Social, the final frontier
Overall, technologies can be pretty straightforward to secure. Teach software not to execute a certain command, block a port, or alert on a set of conditions, and it will abide. Humans, on the other hand are not as easy to harden against attacks. These attacks are frequently delivered through emails, text messages, social media, or … Continue reading The user awareness landscape
This video was prompted by discussions with someone that was adamant that they would never, never, everrrrr put their logs in the cloud. I enquired as to why they weren't open to the option, and their response was that they don't believe that sensitive information like logs should be in the cloud. Now that's all … Continue reading Security in the cloud
It’s coming up on my 3 year anniversary at AlienVault - and after a conversation with a friend, it dawned on me that I don’t think I’ve ever really explained what AlienVault does. So, when I was in Austin this last week I recruited some of my colleagues to help make this short video to … Continue reading What is AlienVault
A lot of individuals and companies of all sizes often use the phrase where they 'think' they've been hacked or breached, or had some form of unwanted event. There is usually a lack of conviction in this statement, and in hindsight it's not easy to validate. Sure, one could use a service like haveibeenpwned.com to … Continue reading I think I’ve been hacked
Anytime we discuss security, it's mainly to talk about the failures. So I'm taking time out today to spread some positivity to all those security folks that have made it through the week without an incident occurring.