This is not the first time a young person has had authorized access to substantial amounts oftop secret sensitive compartmented information (TS/SCI) and leaked it. How could thishappen? It’s easy to understand… What do 20-year old people do in the military? Among other things, they are in the field being shot at and shooting, driving …
Why does a 20 year old have access to TS/SCI and what do we do about it? Read More »
Good luck finding someone qualified… The SEC is apparently about to make it a requirement for public companies to report on “the board of directors’ cybersecurity expertise, if any, and its oversight of cybersecurity risk”.1 Some details: Why would it be hard to find someone like this? But here’s the rub And there are some …
So you’re looking for a cyber security board member for your public company Read More »
People who don’t have to do it seem to not understand the nature of the cyber threat. This very short summary is intended for everyone who is responsible for it to hand to everyone else to help start a conversation and gain mutual understanding. The 6 questions people are commonly taught to ask are: who, …
Every once in a while I come across something interesting with substantial potential impacts but that differs from the common misconceptions. Many of them I point out with a fevered disdain of foolishness, while others I view more philosophically. This article is about some recent results that I think are worth attention, that are counter …
Some results in cybersecurity and why they may be interesting Read More »
People seem to me to be having problems dealing with enjoying their lives lived increasingly online. I live a life largely online, and with the pandemic pushing people increasingly away from the physical interaction world, I think we might be getting to the point where we do more and more that produces less and less …
The Capability Maturity Model notions that, starting from scratch, a program matures by goingthrough phases. Cyber Security as Sexy! Why don’t they invest the necessary resources? Getting to Managed is not that hard But I don’t want to! But that’s what computers are for! It takes time to mature Conclusions
A fair number of folks have been asking lately about what the best first steps in small company cyber security program development look like (a.k.a., We’re a small company… what should we do about it?). As I thought about it, the answer is pretty much the same as for a large enterprise, and the answer …
I see all these claims about building highly complex cyber-security environments and cannot believe that this is even a concept given that we cannot seem to get even relatively simple software anywhere close to right. Screwing us for better user experience? Stop interpreting my content please! AI is too stupid to let loose AWS disk …
