Want to Fail at Security? COMPLY!

Take a deep, cleansing breath, and say it with me: “Compliance is not security.” Good. One more time. “Compliance is not security.” It’s okay. We’re all friends here. No need for false pretenses. We all know how much truth is contained in those four simple words. Information Security is a tricky business, due largely in […]

The Curse of the Information Security Professional

Time magazine recently published an article summarizing CareerCast’s research on the most/least stressful jobs. At the top of the Most Stressful list: Enlisted Military Personnel. That makes PERFECT sense. High physical and travel demands, ridiculously low salary, and life-threatening situations that leave many physically and mentally scarred for the rest of their lives. Respect. What […]

22 Sites Where You Should Enable Two Factor Authentication RIGHT NOW

The reason we have passwords is to make it harder for attackers to get to our stuff. Ideally, strong passwords ensure that we’re the only ones who can access our email inboxes, our social media profiles, our bank accounts, and our Amazon shopping carts. Unfortunately, passwords by themselves aren’t always strong enough to accomplish that […]

The 85,100 Passwords Forbidden by @Dropbox

It’s amazing what you can learn about a mobile app using a zip utility and a text editor. As someone who has spent years working in the mobile app security space, my two favorite Windows tools are 7-zip and Notepad++. Why? Because every .ipa file you download from iTunes and every .apk file you download […]

How to Kickstart a Career in Application Security

A friend and fellow geek recently reached out for some career advice. He’s currently working as an app developer, and he was wondering what steps he could take to steer his career more toward application security. Since I’m a geek with a degree in music education who now works as an information security consultant who […]

Surviving an Active Shooter Event

It’s a damn shame we live in a world where videos like this are necessary. That said, I’m grateful that Ready Houston took the time to put this video together. The video is only 6 minutes long. I rarely share physical security posts, but I highly recommend that you give this video a watch. If […]

Step-by-Step Guide To Decompiling Android Apps

“It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles.” – Sun Tzu

With the pressure for every company to have an app (or two, or three) in both iTunes and Google Play, the pressure is on both security teams and development teams to […]

Bridging the Social Media Implementation/Audit Gap

It’s one thing to embrace social media, but it’s another thing entirely to embrace it securely. This presentation helps organizations understand what steps should be taken to ensure that their social media properties aren’t abused or exploited to attack the organization. The title may be boring, but the information is useful. Bridging the Social Media […]

Identity and Access Management 101

Here’s another one of my infosec 101 presentations, this one drawing on my years of experience implementing and supporting identity and access management solutions for a large international retailer. If you’re planning on consolidating multiple identity stores into one centrally managed solution, then you’ll want to give this a once-over ahead of time. Identity […]