Security Training
Making Things Worse by Asking all the Wrong Questions
May 14, 2012 Added by:Rafal Los
Blaming OWASP and developers for not adopting secure coding is silly. Until the business cares about security, and developers have an incentive to write more secure code, tools and simple to use transparent technologies like that which OWASP provides won't get utilized...
Comments (2)
Are We Reaching Security Conference Overload?
May 14, 2012 Added by:Tom Eston
We have more security and hacking conferences than ever, but now there is also more overlap. These choices can make it harder for researchers to present new and relevant content and also tough to decide which conferences to attend from an attendee perspective...
Comments (0)
CISSP Reloaded Domain 7: Applications and Systems Development
May 09, 2012 Added by:Javvad Malik
Secure applications aren’t the result of evolution or chance conditions coming together. Secure applications are only created with a definite degree of intelligent design. You, as the security person, are responsible for providing that intelligent design into the application...
Comments (0)
Fear and Loathing in Infosec: The Black Mass
May 02, 2012 Added by:Scot Terban
Gesticulating and making odd sounds, the hackers milled and jerked around like some strange species of black raptors. Babbling incoherently about arcane knowledge in the hopes of one-upping the other hapless technoweens in the room...
Comments (0)
Procrastination in Cybersecurity Legislation
April 30, 2012 Added by:Michelle Valdez
Congress is procrastinating with regards to cybersecurity legislation. The debates will continue about regulation and authorities and privacy rights but in the end, we all need to come together and find the best way to share threat data so that we can protect critical networks...
Comments (0)
On the Value of Security Conferences
April 19, 2012 Added by:Rafal Los
What's interesting is the question of business value. Management sends employees to 'security conferences' to learn something and bring it back to the organization. But what value do the ever-increasing number of security conferences provide as stand-alone events?
Comments (1)
Security BSides Chicago 2012 Presentation Lineup
April 19, 2012 Added by:Security BSides
Each BSides is a community-driven framework for building events for and by information security community members. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. You don’t want to miss it...
Comments (0)
CISSP Reloaded Domain Six: Operations Security
April 19, 2012 Added by:Javvad Malik
Some argue that operations security is primarily focused around IT and bring up the old argument of IT vs infosec and the baggage that comes along with that. It’s an argument as old as whether PCs are better than Macs, Ninjas could beat Pirates or Cagney was better than Lacey...
Comments (0)
Hacking-Kung Fu: Aims and Objectives
April 16, 2012 Added by:Quintius Walker
Understanding Kung Fu-Hacking enables you to realize that there is more to it than merely learning form or exploits. Understanding will lead you, if you are still not able to defend yourself in real world situations or compromise systems outside lab environments, to ask why...
Comments (0)
Second Annual Cyber Security Summit (Prague) Write-up
April 16, 2012 Added by:Robert M. Lee
An important aspect of the conference was the ability to network with people from a wide variety of sectors. Establishing new connections, sources of information, and building friendships opens up avenues for much needed information sharing. Emphasis must be placed on education...
Comments (0)
CISSP Reloaded Domain 5: Security Architecture and Models
April 10, 2012 Added by:Javvad Malik
This domain has a good title and there is probably a lot one can talk about. There are not enough competent security architects on the market. Sure you can get a lot of penetration testers or risk and compliance type people. But good architects are hard to come by...
Comments (0)
CISSP Reloaded Domain 4: Cryptography
March 29, 2012 Added by:Javvad Malik
Cryptography, the dark art of information security. The deus-ex-machina, the silver bullet, the be all and end all of all security measures, so profound cryptography was first classed as a munition. Widely misunderstood, often poorly implemented...
Comments (1)
CyberPatriot Announces National Championship Winners
March 27, 2012 Added by:Headlines
“CyberPatriot has introduced the area of cyber defense to tens of thousands of students across the country, and they’ve embraced the opportunity to learn and develop the skills to be successful in a field critical to America,” said Bernie Skoch, CyberPatriot Commissioner...
Comments (0)
Pitting Education Against Cyber Attacks
March 26, 2012 Added by:Frank Kim
In the relentless struggle to protect against cyber attacks, companies must identify vulnerabilities before hackers have an opportunity to exploit them. With software applications, a logical path to the early identification of vulnerabilities begins at the development stage...
Comments (0)
ISA / ANSI: Financial Impact of Breached Health Information
March 20, 2012 Added by:Marjorie Morgan
Webinar participants will hear from industry experts who will highlight strategies for health care organizations and findings from the recently released report, The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security...
Comments (0)
Black Hat Europe 2012 Roundup
March 20, 2012 Added by:Javvad Malik
An underlying theme throughout the event from nearly everyone I spoke to was that people are still neglecting the basics. Rafal Los and Shane MacDougall gave an interesting talk on offensive threat modeling for attackers where they took the attacker's viewpoint on threats...
Comments (0)




