BuboWerks

BuboWerks Values

BuboWerks is now moving into its second year, which prompted us to update our business plan. This time around in the planning process, the question came up as to how our goals align with our values. While we have values, of course, they had never been codified, so this seemed like a good opportunity to […]

BuboWerks

What is a Small, Medium or Large Organization, or Enterprise?

Many of BuboWerks' service offerings are priced based on the size and complexity of an organization. BuboWerks was started in large part to make the same information security services used by large organizations available to the 99% of organizations that don’t have more revenue than a small country’s GDP. This raises the question of what […]

Processes

DevSecOps versus SecDevOps

DevOps has been all the rage lately, and for good reason: it allows an organization to provide a more consistent environment for development, test, and production, decreasing configuration errors, all while reducing development time. Another name given to this technique is “Infrastructure as code”. This is generally good for security, as many technical attacks exploit […]

People

Getting Started in Information Security

I volunteer with i.c.stars, an internship program designed to get promising candidates into the technology field. Most of these candidates were not afforded the opportunity to go to or complete college, yet they are all driven and excited by technology. The i.c.stars curriculum is intensive, involving 12-hour days for four months where the interns learn […]

People

Security Program Automation

I had a great conversation with a CISO colleague / mentor recently who told me that his biggest challenge is that his staff is swamped with repetitive tasks – things that should be automatable, but have not been for a variety of reasons. Many thanks to him for helping me organize my thoughts on this […]

Technology

Should YubiKeys be standard issue?

A customer recently asked me about the Krebs story on Google using YubiKeys and eliminating phishing attacks. They wanted to know if it was real and if it is a technology they should be using. For starters, two-factor authentication — or more generally, multi-factor authentication — is absolutely important — no longer can you detect phishing attacks […]

Processes

Stake Flip Attack

In the recent Risk Assessment on Tendermint / Cosmos Hub Validators, we covered a new threat we have dubbed the Stake Flip Attack. This post starts with some definitions and looks at how stake gets distributed in the network. Then it presents the attack with examples, both against a single validator, and then against multiple […]