Given that BuboWerks aims to provide more support for small organisations than most information security consultancies, we would like to put out a primer of what security controls most small organizations should use. Chief among those recommendations will be, “Use a password manager!” Recently, Stuart Schechter put out a great piece cautioning against such advice. […]
I had a great conversation with a CISO colleague / mentor recently who told me that his biggest challenge is that his staff is swamped with repetitive tasks – things that should be automatible, but have not been for a variety of reasons. Many thanks to him for helping me organize my thoughts on this […]
A customer recently asked me about the Krebs story on Google using Yubikeys and eliminating phishing attacks. They wanted to know if it was real and if it is a technology they should be using? For starters, two-factor-authentication — or more generally, multi-factor-authentication — is absolutely important — no longer can you detect phishing attacks […]
One of our partners recently asked me what I thought of Bro — was it something I would recommend setting up for one of his clients? If you’ve used Bro before, this is probably a no-brainer, but for many folks — even ones with deep infosec experience — Bro can be a little confusing. In […]