If there is any consensus within IT security, it is that the security provided is often ineffective in preventing or detecting unauthorized activity. Attackers’ agility often exceeds the defenders’ ability to adapt to changing tactics … Read more
The gravest warning a pen test report could contain are the words “The host may be vulnerable to remote code execution”. It is hard to know what that immediately means. Did they get system access … Read more
This is part two of a two-part article on secure key distribution in a post-quantum world. Part one focused on Quantum Key Distribution (QKD) as a method to securely distribute encryption keys. This article will … Read more
The need for communications confidentiality has existed since humans developed language. Accounts of the Greco-Persian wars in fifth century B.C. described steganography, (hiding the existence of a message). Cryptography, on the other hand, hides a … Read more
In the Spring 2021 issue of the United States Cybersecurity Magazine, “Human Security Engineering: A New Model for Addressing the “User Problem” I highlighted the strategy of Human Security Engineering to address the User Initiated … Read more
Modern technology advancements are placing consumers into uncharted territory, granting limitless access to the internet and its benefits in varied and unique ways. From Smart Homes that automate key tasks, to the continued evolution of … Read more
Despite best efforts, the cybersecurity professional has yet to be able to adequately handle what people refer to as “The User Problem”. A user will inevitably click on a phishing link. A user will inevitably … Read more
Radio Frequency (RF) security, sometimes called wireless security, is much more than just WiFi. Over the past few years, there has been rapid growth in WiFi training courses, but very few that specialize in RF … Read more
In the Spring of 2019, several organizations worked together to create a forum paper called DevOps Automated Governance.[1] The paper intended to create a reference architecture around Governance, Risk, and Compliance (GRC) and an automated … Read more
An old proverb tells us, “You know nothing until another knows you know it.” Sometimes, though, you don’t want that someone to know sensitive details – just the “fact of.” For example, take April 1942. … Read more
