Social Media Facepalm: “Signs you aren’t ready to be a CISO”
Social media potentially contain a wealth of information. At the very least, if you take the time to slowly tune up your persona, you will be getting more of what you find interesting and less of the typical attention-seeking noise – this is especially true for LinkedIn. However, even after spending the aforementioned amount of…
Dispelling the “AI” hype – one post at a time
So, for the past months, supposedly we are living the “AI” apocalypse/revolution (depending on your reality tunnel). A lot of folks are predicting doom and gloom, an equal opposing lot of folks are predicting better days ahead. My viewpoint about AI is worth a separate post, which I prefer not to spoil here. As you…
The Great Southern 2023 meta-blogging post
What better way to kickstart 2024 than looking back at 2023? In a nutshell, the second part of 2023 was a watershed moment. Not only have I started blogging more regularly but I have made some conscious decisions about the future of this blog. The first one is that all these years, I was…
Information Security? Game On!
Adam Shostack has an excellent page on security gamification. So, in case you have not already done so, go and read it; not only is it a well-written piece but it also contains a wealth of games that you can use, as per your use case. Standing on the shoulders of giants, I would like to…
My 72 Seasons and How Can I Pay Them Forward
This year Metallica released “72 Seasons”. The main loose concept of the record is that our first 72 seasons (18 years) define who we will be for the rest of our lives. If this viewpoint stands or not, is a discussion for a different time, however it got me thinking: “What are my 72 Seasons…
When Cloud Shared Responsibility Security Model Fails
A few days ago, I blogged about some common Cloud Security specific misconceptions – focusing on how the Cloud (or Containers or Kubernetes) does not magically make insecure software or infrastructure configurations secure. The axiom of this article is that the cloud providers themselves do keep their part of the deal – a public cloud…
TetraBURST Pt2 – the ETSI response
My last post was about TetraBURST. Kim Zetter has an interview with Brian Murgatroyd, chair of the technical body at ETSI responsible for TETRA development. You can read the interview there. Highly recommended reading.
TE-TE-TE-TRABurst! – Security through obscurity never pays off!
Now that I am done solving Germany’s IT Skill gap single-handedly, I am going to focus on another recent series of events that caught my eye. A bunch of Dutch security researchers found five CVEs in TETRA. TETRA is infamous for its security by obscurity stance – little security literature has been publicized about…
Mitigations for the IT Skill Gap in Germany
As a security engineer, part of my duties is not only to identify security vulnerabilities but to also suggest fixes and/or mitigations for them. Recently, I wrote an article about what I think is broken with hiring in Germany and how this leads to a material, documented risk in filling these positions. The article was…
IT Skills Gap in Germany – a polemic
[You know that an article will be a fun experience when it starts with a triple disclaimer.] [edit: The initial draft of this article came across as more belligerent than it appeared at time of writing and some of the “haha-funny” moments on a second reading fell flat. So I did some minor content edits…