regulatory capture in infosec, by example
Note :I have the utmost respect for the people to be named in this blogpost. I also have friends working for the companies to be named. This is in no way a hate or flame post but with the attention of...
View ArticleI'm looking for you ...
Let's see if this internet thingy really works ... Dear Claire, I'm looking for you.This all may seem really silly but it is kinda important to me to follow through on this one. Â While my friends and I...
View ArticleForensics Training courses
yesterday I posted a question on Twitter to see what other training offerings there are out there in the area of computer forensics, beyond what we know is a quality offering from SANS. Not because I...
View Articlea few honest questions about Flame ... answer 'em
While I invited some of the most vocal people on the issue of #flame to our humble podcast tonight, nobody actually stepped up to the opportunity to openly discuss the issue. Too bad, so I'll put out...
View ArticleThe sense or nonsense of changing your password
By now everybody has caught on to the (presumed) LinkedIN breach, except the people at LinkedIN themselves but they're probably digging through their treasure trove of social big data in the cloud....
View ArticleJob offers from hell
Everybody gets them once in a while : job offers that make you cringe. While processing my personal inbox this evening, I ran into this little gem :Hi WimA global IT service provider are recruiting for...
View Articleso ... you want to support an (ISC)2 board petitioner?
Hiya ... now that election season at (ISC)2 has started again, some of you may ask the very valid question "I voted for this Belgian guy and I didn't see much happening ... why should I vote for this...
View ArticleHire great infosec people (and keep them) !
Earlier this week I had an interesting exchange with several people on Twitter after a statement by Mary Ann Davidson (Oracle CSO) gave at the -apparently awesome- ISSA Conference. It was paraphrased...
View Articlehigh-rolling hot shot executive (m/f) wanted - a perspective
Ok, no, I'm not looking to hire someone. This blogpost is triggered by a question asked by @hackerhuntress earlier today :"if you're passed over for a job, do you mind being notified via voicemail or...
View Article2 million downloads and nobody cares ...
As I'm enjoying a little bit of holidays before I start my new job in 2013, I'm also having the privilege of setting up my new work machine. Some tools are must haves for anybody doing infosec work,...
View Article"Data Honesty" and why IOCs are not (yet)
In the past half decade I've been working in incident response and data analysis extensively, working on projects that helped monitor security-related data on very large networks and helping to...
View ArticleCaveat emptor 101
I try to read as much as I can. Whether it's articles, books, journals, blogposts doesn't really matter. If it is infosec related I'll soak it up and if it's any good I'll probably blend it into a...
View ArticleThe enemy within
I happened to find myself in the couch this evening. Somehow I managed to get hold of the remote control and leisurely zapped through the available channels (there's a crapload of them, unbelievable)....
View ArticleCan we stop losing?
To whomever this may concern,This is a personal post in so much that I need to clear out that I am not speaking for my employer or any other organization that I may be affiliated with. It is also...
View Article3 years flew by ... looking back and looking forward
[Note that I am speaking for myself and not for the (ISC)2 Board of Directors or (ISC)2 as an organization. I believe that 3 years after being elected, it is my responsibility to tell you what we have...
View Article"Hackin" ATMs isn't magic ...
Over the past few weeks, not a day passed without a news outlet or an AV vendor coming up with another post or article on ATM hacking. Today was no different.Network World published an elaborate...
View ArticleCan we ... do better?
Disclaimer: In this blogpost I analyse one particular blogpost. This is not a personal attack against the author of said blogpost nor is it a value judgement against the content produced or the...
View Article(ISC)2's "Vulnerability Central" - what it is and what it isn't
[disclaimer: until December 31st I was a member of the (ISC)2 Board of Directors. My posts here are my personal opinion and not necessarily shared by any of the current Directors or the...
View Article7 things in regards to conference calls
1. Being on time is being too late. You join conference calls 5 (FIVE) minutes beforehand, any later is too late. There can be some technical issues y'all need to root out.2. Use a freaking phone. Most...
View Articleopen letter to the ISC2 Membership
DisclaimerI was an ISC2 Board Member from January 1st 2012 until December 2014. I am an ISC2 Member in good standing. I am, at this moment, not working for ISC2, with ISC2, or in any other fashion...
View Article