I tend to operate in accordance with the four principles of Cigital‘s recent Agile Security Manifesto. [su_pullquote align=”right” class=””]NOTE: I cannot state whether I’ve employed Cigital professionally but I have had interaction with them in my career.[/su_pullquote] These principles align with security governance, education and scaling throughout an organization versus roles in security domains taking on… Continue reading Cigital’s Agile Security Manifesto
Category: Programming
SANS – Confusion in the Top How Many?
Enterprise Security or Secure Solution program? While discussing the SANS Top 20 Critical Controls a couple of weeks ago I ran into some confusion with an infosec partner about the number of controls we were talking about. He referred to the Top 25 but I know from my training and certification that there are 20… Continue reading SANS – Confusion in the Top How Many?
Brother Can You Spare a Protocol?
If you haven’t yet heard of the SSLv3 protocol exploit then where have you been and how can you sleep at night. Surely someone ran past you yesterday (Tuesday 10/14/14) with his hair on fire, screaming about graceful degradation of protocols. You can read about the POODLE exploit process any number of places… Continue reading Brother Can You Spare a Protocol?