Applied

Use a Password Manager!

Given that BuboWerks aims to provide more support for small organizations than most information security consultancies, we would like to put out a primer on which security controls most small organizations should use. Chief among those recommendations will be, “Use a password manager!” Recently, Stuart Schechter put out a great piece cautioning against such advice. […]

Uncategorized

BuboWerks Flies Its Colors With Pride

If you’ve been to the BuboWerks website before, you might notice that it’s a bit more colorful this month. That is because June is Pride Month, and BuboWerks is a huge believer in the importance of the LGBTQ+ community. Our mascot, the wise owl, is not a very flamboyant creature, instead relying on earth tones […]

BuboWerks

BuboWerks Values

BuboWerks is now moving into its second year, which prompted us to update our business plan. This time around in the planning process, the question came up as to how our goals align to our values. While we have values, of course, they had never been codified, so this seemed like a good opportunity to […]

BuboWerks

What is a Small, Medium or Large Organization, or Enterprise?

Many of BuboWerks’ service offerings are priced based on the size and complexity of an organization. BuboWerks was started in large part to make the same information security services used by large organizations available to the 99% of organizations that don’t have more revenue than a small country’s GDP. This raises the question of what […]

Processes

DevSecOps versus SecDevOps

DevOps has been all the rage lately, and for good reason: it allows an organization to provide a more consistent environment for development, test, and production, decreasing configuration errors, all while reducing development time. Another name given to this technique is “Infrastructure as code”. This is generally good for security, as many technical attacks exploit […]

People

Getting Started in Information Security

I volunteer with i.c.stars, an internship program designed to get promising candidates into the technology field. Most of these candidates were not afforded the opportunity to go to or complete college, yet they are all driven and excited by technology. The i.c.stars curriculum is intensive, involving 12-hour days for four months where the interns learn […]

People

Security Program Automation

I had a great conversation with a CISO colleague / mentor recently who told me that his biggest challenge is that his staff is swamped with repetitive tasks – things that should be automatable, but have not been for a variety of reasons. Many thanks to him for helping me organize my thoughts on this […]

Technology

Should Yubikeys be standard issue?

A customer recently asked me about the Krebs story on Google using Yubikeys and eliminating phishing attacks. They wanted to know if it was real and if it is a technology they should be using. For starters, two-factor authentication — or more generally, multi-factor authentication — is absolutely important — no longer can you detect phishing attacks […]