Processes

DevSecOps versus SecDevOps

DevOps has been all the rage lately, and for good reason: it allows an organization to provide a more consistent environment for development, test, and production, decreasing configuration errors, all while reducing development time. Another name given to this technique is “Infrastructure as code”. This is generally good for security, as many technical attacks exploit […]

People

Getting Started in Information Security

I volunteer with i.c.stars, an internship program designed to get promising candidates into the technology field. Most of these candidates were not afforded the opportunity to go to or complete college, yet they are all driven and excited by technology. The i.c.stars curriculum is intensive, involving 12-hour days for four months where the interns learn […]

People

Security Program Automation

I had a great conversation with a CISO colleague / mentor recently who told me that his biggest challenge is that his staff is swamped with repetitive tasks – things that should be automatable, but have not been for a variety of reasons. Many thanks to him for helping me organize my thoughts on this […]

Technology

Should Yubikeys be standard issue?

A customer recently asked me about the Krebs story on Google using Yubikeys and eliminating phishing attacks. They wanted to know if it was real and if it is a technology they should be using. For starters, two-factor-authentication — or more generally, multi-factor-authentication — is absolutely important — no longer can you detect phishing attacks […]

Processes

Stake Flip Attack

In the recent Risk Assessment on Tendermint / Cosmos Hub Validators, we covered a new threat we have dubbed the Stake Flip Attack. This post starts with some definitions and looks at how stake gets distributed in the network. Then it presents the attack with examples, both against a single validator, and then against multiple […]

Non-Security

Cosmos / Tendermint Network Architecture

This post is a bit different than our usual offerings in that it’s not about security — at least not directly. We have been asked to look into some security aspects of the Cosmos Network, which is based on the Tendermint blockchain technology. In order to do so, I wanted to understand what its network […]

People

The Information Security Job Market

There are projected to be 1.5 million job openings for information security personnel, and that number is expected to more than double over the next four years. Certainly, recruiting and retaining qualified personnel is difficult for any profession. In this article, we’ll take a closer look at the information security job market. Is it as […]