Category
Vigilance, threat models, and incident reflections
There's a special kind of technical debt that doesn't show up in Jira. It doesn't sit in a backlog. It doesn't have a product owner. It doesn't even admit it exists. It lives in PowerPoint. I call it...
For the past decade, I've watched enterprise security teams deploy TLS inspection appliances with the best of intentions. The pitch is always the same: we need visibility into encrypted traffic to...
I was watching the American feed of the Super Bowl last night when Ring's latest ad came on. A family loses their dog. They upload a photo. Ring's network of neighbourhood cameras springs into action,...
Security requires a particular mindset. Security professionals (at least the good ones) see the world differently. They can't walk into a store without noticing how they might shoplift. They can't use...
New York is considering a budget bill (S.9005/A.10005) that would require all 3D printers sold in the state to include "blocking technology" that scans every print file through a "firearms blueprint...
Last week I was reviewing a vulnerability scan report for a client when something caught my eye. Buried in a list of "critical" findings was a Log4j vulnerability - you know, the one that broke the...
Tonight I received the following email from the Halton District School Board: To summarize the email - Edge Imaging, a vendor tasked with managing school photographs for yearbooks during the 2022-2023 and 2023-2024 academic years, experienced a data breach. This breach occurred within the vendor's