Sponsored by:

Weekly Update 71 (Denmark Edition)

I'm in Denmark! Well I'm just in Denmark, I'm about to head out the hotel door and into 30 hours of travel which isn't exactly fun, but that's the nature of living on the other side of the world to pretty much everything. This week's update is a little late as my Friday was absolutely non-stop in Denmark. I talk about that below including the preceding days involving some pretty full on sledding in Norway, workshops, talks, ice, slush and snow. Plus, of course, the actual infosec stuff from the week namely my new Pluralsight course on creating a security-centric culture. iTunes podcast | Google Play Music podcast | RSS podcast References This is the first of a brand new Pluralsight series...

We're Doing an All New Series on Pluralsight: Creating a Security-centric Culture

Usually when we talk about information security, we're talking about the mechanics of how things work. The attacker broke into a system due to a reused password, there was SQL injection because queries weren't parameterised or the company got ransomware'd because they didn't patch their things. These are all good discussions - essential discussions - but there's a broader and perhaps even more important one that we need to have and that's about the security culture within organisations. This is something that's been on my mind for a while, but it really hit me back in September when I was over in Salt Lake City for Pluralsight's LIVE conference. I did a bunch of customer meetings which essentially meant saying...

Weekly Update 70 (NDC London Edition)

It's NDC London! I'm pushing this week's update out a little later due to the different time zones and frankly, due to it being an absolutely non-stop week of events. I talk about those, about how I'm trying to tackle breach disclosures now and about some upcoming events. Next week is Norway and Denmark and I'll be coming to you a little later due to a totally jam-packed Friday, more from me then. iTunes podcast | Google Play Music podcast | RSS podcast References I'm at NDC London! (my talks are done and they'll be online in the coming weeks so until then, here's a bunch of previous ones) Here's how I'm handling breach disclosures (this is a really important part of...

Streamlining Data Breach Disclosures: A Step-by-Step Process

I don't know how many data breaches I'm sitting on that I'm yet to process. 100? 200? It's hard to tell because often I'm sent collections of multiple incidents in a single archive, often there's junk in there and often there's redundancy across those collections. All I really know is that there's hundreds of gigabytes spread across thousands of files. Sometimes - like in the case of the recent South Africa situation - I could be sitting on data for months that's actually very serious in nature and needs to be brought public awareness. The biggest barrier by far to processing these is the effort involved in disclosure. I want to ensure that any incidents I load into Have I...

Weekly Update 69 (Boat Edition)

It's my last day in the sun ☹️ Well, at least it's my last day in the sun for a couple of weeks so today I've gone to the sunniest place I know. It's "the boat edition" of my weekly update and I apologise up front for the rocking motion, the occasional wind noise (I lost the fluffy bit off my smartLav mic) and the gratuitous amount of sunshine and beach. This week is all about heading off on travels again and the Indian Aadhaar system which is making big headlines over that way lately. Plus, I show you a little of what it's like down my way on yet another glorious summer day 😎 (And yes, I'm aware I...

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

India's Aadhaar implementation is the largest biometric system in the world, holding about 1.2 billion locals' data. It's operating in an era of increasingly large repositories of personal data held by both private companies and governments alike. It's also an era where this sort of information is constantly leaked to unauthorised parties; last year Equifax lost control of 145.5 million records on US consumers (this started a series events which ultimately led to me testifying in front of Congress), South Africa had data on everyone living in the country (and a bunch of deceased folks as well) leaked by a sloppy real estate agent and data from Australia's Medicare system was being sold to anyone able to come...

Weekly Update 68

It's 2018! All new year and already someone has gone and broken our computer things courtesy of the Meltdown and Spectre bugs. I only touch briefly on them in this week's update and I refer people to my Twitter timeline for good coverage I've shared. However, there's one resource which stands out above the others and it's this thread from Graham Sutherland. If you want to get a good overview quickly, start there. In other news, I talk about all the NDC events I have coming up: Just been planning my @NDC_Conferences events for 2018, talks and workshops at:London, 15 Jan: https://t.co/Sx8JuWouUyOslo, 22 Jan: https://t.co/XTA8ItnRKTGold Coast, 25 Apr: https://t.co/xIyzZcd6a9Oslo,...

2017 Retrospective

I look back a lot more than what I suspect people realise. Not in a reminiscent way, but rather because I find it helps me put things in perspective. A lot of people like to set personal goals or objectives so that there's something specific they're setting out to achieve but for me personally, I just want to see progress. I want to be able to do these retrospectives - not just on Jan 1 but every day - and say to myself "yeah, I'm happy with how far I've moved ahead". And believe me when I say that not a day goes by where I don't reflect on the last few years and think "yeah, this...

Weekly Update 67

It's Xmas! Well, it was Xmas but I (and hopefully you too) am still in that Xmas period haze where it's hard to tell one day from the next. Apparently, it's also hard to remember to hit record before talking about this week's updates so yeah, good one Troy! But I did eventually record a full update and in an otherwise slow news week, I thought I'd talk a little bit about Xmas down under in Australia. About 93% of visitors to my blog this year have been from other parts of the world (most notably the US and UK) so the idea of a sunny Xmas is foreign to most. I share a bit about what it's like down...

New Pluralsight Course: Care and Maintenance of Development VMs

Regular readers will know I create a lot of Pluralsight courses. It's now 5 years ago I started writing my first one which incidentally, is still my highest rated course every month (apparently the OWASP Top 10 as it relates to ASP.NET is still a big thing). Most of the time, the courses I create are on topics I know well, primarily on security but occasionally with a bit of cloud and development practices sprinkled in for variety. This one, however, is different. Per the title of this blog, my latest course is on using virtual machines for development and the main reason it's "my" course is because Orin Thomas has done all the work! This is...