While I’m glad to see the use of Signal on the rise, I am afraid that current events will cause the “government should have access into all encryption” debate to come up again, and people may think it’s a good idea out of fear. It’s not. Here’s why: As the global pandemic has kept everyone at home, our interaction with everything and everyone has increasingly had more of a digital footprint than ever before. That digital footprint without encryption exposes a lot of information. Encryption is needed due to the way the Internet works. The Internet is a loose confederation of companies, educational institutions, and telecommunication providers. Everything passes through networks owned by others. Without encryption, any party along the[…]

What is the misunderstood, unloved, and overly complicated security technology that underpins most modern digital solutions? #PKI. Public Key Infrastructure. It’s where my career in security began. Digital #certificates protect so many things we use. From this website you’re visiting (check the 🔒 icon on your address bar to be sure), to your ability to use your LinkedIn login to federate to other sites, to the authenticity of the patch just applied to update your browser… And it’s just scratching the surface. PKI has gone from #security technology to #infrastructure. And if you are a user of Microsoft Teams, today you may have seen a failure of that infrastructure. Microsoft Teams, like many modern solutions, has a separate front-end and back-end, connected through an #API. And[…]

Cyber security is a hot area for #startups. Just in the greater DC metro, there are 3 incubators that focus on cyber security, many startups, and many more in the orbit – from funds to investors to advisors. A walk around the RSA or Black Hat expo floors will show you a lot of money is being spent to create some of the next big things. Some are new takes on existing products. Many are hyper-specialized solutions trying to fill a need that only exists for a few with *very* deep pockets. Very few are truly #innovative. As is typical with startups, #cybersecurity startups have a low success rate. This weekend Synopsys acquired Tinfoil Security. The dollar value was so low that Synopsys stated the[…]

Tomorrow is the first day of 2020. Not just a new year, but a phrase we use to describe perfect vision. What are you going to do in #2020 so that when you look back on it, it will be as if you had 20/20 vision? My recommendation is to work toward being more #proactive. The best approach to health is to see your doctor regularly, get annual physicals, and have open and regular communication. Follow their advice to eat healthy and exercise more. You don’t want to end up in the emergency room with a serious illness or injury. The same is true for your #digital health. Consult your #security professional, have open and regular communication. Take the steps they recommend to make positive[…]

I often talk about #experience and #security. I don’t see them as mutually exclusive; you can have both great experience and strong security. People are making a different trade-off on a regular basis and aren’t considering the ramifications. I’m speaking about #privacy vs. #convenience. The explosion of smartphones and apps has afforded us tremendous convenience. Much of that comes at a price – reducing our privacy. Yes, it’s convenient to get deals at your favorite store, or be alerted to changing traffic or weather conditions, or get alerted to sports updates in real time. To deliver these services, the applications require information about you. What stores you like, where you are, where you live and work, what your favorite teams are. Most have very little regard[…]

I often tell people that #security is not a thing you can buy. It’s a feeling. You do something and it makes you feel secure. Businesses spend a lot of money on products in the top-right of a #Gartner magic quadrant to feel better. They see “improve security” as a goal, and equate spending on the tool with accomplishment of that goal. No tool is a silver bullet; it won’t prevent every imaginable risk. You find a gap, and it makes you feel insecure. Next year you budget for a tool that fills that gap. And that tool has a gap, and you repeat the process every year. The spending spins out of control… and you’re no closer to that feeling of security. An[…]