The Problem with Compliance

After a decade of doing compliance assessment work, I’m coming to terms with an uncomfortable truth: nobody likes compliance. It’s a miserable time-suck that slows down forward momentum. How did this happen? Where did compliance go wrong? Why is compliance...
What is Compliance Automation?

When the technology industry is not inventing new gadgets, it is inventing new words, such as a next-generation firewall. This contrived word ultimately reshaped an entire market segment. The newest word on the market is Compliance Automation. Which is near and dear...
Owning SAML

Exploiting a SAML Implementation and SAML Vulnerability

During a recent web application test, I discovered a bug in a Security Assertion Markup Language (SAML) implementation. This bug involved an insecure implementation of a SAML feature combined with a custom...
CyberSecurity 2028: By Default, By Design

In her keynote at the RSA Conference this year, futurist and game designer Jane McGonigal said: any useful statement about the future should at first seem ridiculous. In the post-RSAC recovery period, I pondered the future trends in information security and built my...