Eureka! How Pulumi Brought Sanity to Our DevOps Team

I started out my professional career as a software developer, then became a DevOps engineer. (Get it? It’s a joke.) The irony is that DevOps is not an engineering discipline at all; it’s actually a set of principles. In fact, the notion of a “DevOps engineer” runs directly contrary to those very principles. Developers and […]

The NGFW is Dead

Let’s get this out of the way: the next-generation firewall (NGFW) is dead. The cause of death: cloud. However, this is not an execution, but rather a slow decline into irrelevance in the face of a more agile competitor. The shroud of death and decay is all around the NGFW products. They are bloated, expensive, and […]

The Human Firewall is a Lie

It is delusional to think we can deprogram millennia of human evolution because information security is difficult. The human firewall is a lie.

Illusions of Information Security – The Struggle for Truth

In October 1995, I finally found my calling. What I found was SQL Injection, perhaps the most prevalent web site hack still alive and well twenty years later. However, what I discovered was that my calling is not about hacking websites, but rather hacking humans.

How to Communicate Risk to Executive Leadership

In an age when cybercrime and advanced persistent threats are creating havoc, how does IT security communicate risk to executive leadership? The key is to deliver business risk intelligence to leadership in a format they can understand and use.

The Failure of the PCI-DSS?

The Target breach has ignited a firestorm of debate over the efficacy of the PCI-DSS. The problem with the PCI-DSS is not the standard, but a deeply flawed and corrupted assessment process.

We Are Privacy and Security Hypocrites

Whether it is personal, local, national or cyber – we adore security, privacy, and spying in all its forms…until it affects us personally…then we hate it with the burning hot passion of 10,000 suns.