Want to Fail at Security? COMPLY!

Take a deep, cleansing breath, and say it with me: “Compliance is not security.” Good. One more time. “Compliance is not security.” It’s okay. We’re all friends here. No need for false pretenses. We all know how much truth is contained in those four simple words. Information Security is a tricky business, due largely in […]

The Curse of the Information Security Professional

Time magazine recently published an article summarizing CareerCast’s research on the most/least stressful jobs. At the top of the Most Stressful list: Enlisted Military Personnel. That makes PERFECT sense. High physical and travel demands, ridiculously low salary, and life-threatening situations that leave many physically and mentally scarred for the rest of their lives. Respect. What […]

The 85,100 Passwords Forbidden by @Dropbox

It’s amazing what you can learn about a mobile app using a zip utility and a text editor. As someone who has spent years working in the mobile app security space, my two favorite Windows tools are 7-zip and Notepad++. Why? Because every .ipa file you download from iTunes and every .apk file you download […]
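The zip-utility trick described above, as an added Python example (not the author's code or anything taken from the Dropbox app): an .apk or .ipa is an ordinary ZIP archive, so the standard zipfile module can enumerate it and pull out any plaintext asset. The sample package below is constructed in memory, and every entry name in it, including assets/forbidden_passwords.txt, is made up for the demonstration.

```python
import io
import zipfile


def build_sample_apk() -> bytes:
    """Constructed stand-in for a downloaded .apk (a plain ZIP archive).

    Entry names and contents are made up; a real APK carries the same kinds
    of entries (binary manifest, dex bytecode, resources, plaintext assets).
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Binary entries: compiled manifest and bytecode contain NUL bytes.
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + b"\x00" * 60)
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 100)
        # Plaintext asset shipped inside the package: a constructed word list.
        words = ["password", "123456", "qwerty", "letmein", "dropbox"]
        zf.writestr("assets/forbidden_passwords.txt", "\n".join(words) + "\n")
        # A short text entry that should not be mistaken for a word list.
        zf.writestr("res/values/strings.txt", "app_name\n")
    return buf.getvalue()


def is_probably_text(data: bytes) -> bool:
    """Treat an entry as text if it decodes as UTF-8 and has no NUL bytes."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return "\x00" not in text


def find_wordlists(apk_bytes: bytes, min_lines: int = 3) -> dict:
    """Return {entry_name: non_empty_line_count} for text entries with at least
    min_lines non-empty lines, i.e. the entries worth opening in a text editor."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info.filename)
            if not is_probably_text(data):
                continue
            lines = [ln for ln in data.decode("utf-8").splitlines() if ln.strip()]
            if len(lines) >= min_lines:
                found[info.filename] = len(lines)
    return found


def read_entry(apk_bytes: bytes, name: str) -> list:
    """Extract one entry from the archive and return its non-empty lines."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        text = zf.read(name).decode("utf-8")
    return [ln for ln in text.splitlines() if ln.strip()]


if __name__ == "__main__":
    apk = build_sample_apk()
    for name, count in find_wordlists(apk).items():
        print(f"{name}: {count} lines")
        print("  first entries:", read_entry(apk, name)[:3])
```

Pointing find_wordlists at the bytes of a real package (open(path, "rb").read()) does the same enumeration the 7-zip listing does by hand; the NUL-byte test is a cheap heuristic that drops compiled manifests, bytecode and images while keeping the plaintext assets, property files and JSON that typically leak the most.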

How to Kickstart a Career in Application Security

A friend and fellow geek recently reached out for some career advice. He’s currently working as an app developer, and he was wondering what steps he could take to steer his career more toward application security. Since I’m a geek with a degree in music education who now works as an information security consultant who […]

Think Your @Facebook Photos Are Private? Think Again.

First, a little context: I’m a dad, which means I am more familiar with the Elf on the Shelf than I ever dreamed I might be. For the uninitiated, this cute little creature comes to life each night while the kids are fast asleep, usually to get into some sort of mischief before the kids […]

Surviving an Active Shooter Event

It’s a damn shame we live in a world where videos like this are necessary. That said, I’m grateful that Ready Houston took the time to put this video together. The video is only 6 minutes long. I rarely share physical security posts, but I highly recommend that you give this video a watch. If […]

Step-by-Step Guide To Decompiling Android Apps

It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles. – Sun Tzu

With every company expected to have an app (or two, or three) in both iTunes and Google Play, the pressure is on both security teams and development teams to […]

Bridging the Social Media Implementation/Audit Gap

It’s one thing to embrace social media, but it’s another thing entirely to embrace it securely. This presentation helps organizations understand what steps should be taken to ensure that their social media properties are not abused or exploited to attack the organization. The title may be boring, but the information is useful. Bridging the Social Media […]

The NSA: My Best Friend

How much does the NSA really know about you? The folks at Alltime10s published a YouTube video entitled 10 Ways the NSA Spies on You. The video contains unsettling revelations about the NSA from recent news articles, citing evidence that the agency engages in the following activities.

Can collect info on people 3 degrees of separation […]

Identity and Access Management 101

Here’s another one of my infosec 101 presentations, this one drawing on my years of experience implementing and supporting identity and access management solutions for a large international retailer. If you’re planning on consolidating multiple identity stores into one centrally managed solution, then you’ll want to give this a once-over ahead of time. Identity […]