Cigital’s Agile Security Manifesto

I tend to operate in accordance with the four principles of Cigital's recent Agile Security Manifesto. NOTE: I cannot state whether I've employed Cigital professionally but I have had interaction with them in my career. These principles align with security governance, education and scaling throughout an organization versus roles in security domains taking on… Continue reading Cigital's Agile Security Manifesto

Brother Can You Spare a Protocol?

If you haven't yet heard of the SSLv3 protocol exploit then where have you been and how can you sleep at night. Surely someone ran past you yesterday (Tuesday 10/14/14) with his hair on fire, screaming about graceful degradation of protocols. You can read about the POODLE exploit process any number of places… Continue reading Brother Can You Spare a Protocol?

APT – Advanced, Persistent Threat

Given enough adoption of secure policies and frameworks and a threat agent with adequate resources, access and motivation, any control/countermeasure/safeguard can be overcome. This means that a sufficiently motivated and backed threat agent (née "hacker") can defeat any one (and in multiple cases, any) security control put in place. Key takeaway: If you want… Continue reading APT – Advanced, Persistent Threat