• 03 Dec 2007

    My articles from this week

    Here are my recent information security articles you may be interested in. For all of my past content be sure to check out www.principlelogic.com/resources.html. How to get developers to buy into software security Cheap Microsoft licenses for security pros: the Microsoft Action Pack Mobile security: Setting responsible goals Mobile security: Top oversights You may need to perform a quick third-party registration to access some of them. Enjoy!...

    Continue Reading...
  • 02 Dec 2007

    An excellent compliance resource you’ve gotta check out

    If compliance is anywhere on your radar (I'm pretty sure that includes all of us!) then you've gotta check out Rebecca Herold's compliance blog and portal called the Realtime Community | IT Compliance. I've known and worked with Becky for years and can vouch for her level of knowledge in the compliance and privacy arenas. The hosting company for this site is Realtime Publishers for whom I've written a book ...

    Continue Reading...
  • 29 Nov 2007

    Don’t expect to get paid for what you have on paper

    Don't fall into the misperception that just because you've earned a college degree (especially one in infosec) or the CISSP certification that money, respect, and a great job will fall right into your lap. I thought this same thing coming out of school, but as I found out, it doesn't work that way in the real world. I hear people often say "I've got to to hurry up and finish ...

    Continue Reading...
  • 28 Nov 2007

    Welcome to my new blogging platform

    You may have noticed a lull since my last posting. Believe it or not, I've been fighting and fighting and fighting some more with my previous blog software/platform that I was hosting on my own to get it to do what I needed. After many iterations of trying to edit templates, change styles, installing and re-installing MySQL, PHP, Apache, Perl...you name it, I realized that I wasn't spending my time ...

    Continue Reading...
  • 26 Oct 2007

    My articles from this week

    A new thing I'm going to start doing on my blog is linking to any articles I've recently written for TechTarget and other trade publications. Sort of an added bonus to what I write here in my blog. For all of my past content be sure to check out www.principlelogic.com/resources.html. Here are this week's entries: Eight reasons to do source code analysis on your web application Database security testing terms: ...

    Continue Reading...
  • 17 Oct 2007

    Don’t test your Web applications because they’re too critical…? What!?

    I can't tell you how many times I've come across network managers who choose to ignore their most critical business applications - all in the name of system uptime. I had a recent event that sparked this very post. The general perception is "We haven't tested our e-commerce/online banking/employee portal/ fill-in-the-blank Web application for security vulnerabilities - we're afraid it may go down if it's hit too hard..." My initial ...

    Continue Reading...
  • 11 Oct 2007

    The industry’s first patch management program?

    Apparently I was ahead of my time. Way back in 1996 I wrote and sold a program called LANUP through a consulting company a buddy of mine and I ran on the side. LANUP - short for local area network update - was designed for NetWare operating systems. I wrote it out of desperation because I was administering so many NetWare servers at the time - I needed some automation. ...

    Continue Reading...
  • 08 Oct 2007

    Are you open minded?

    One thing I talk about when speaking on information security careers is something that many overlook yet it can make or break our success in this field. It's learning from others and continually educating yourself throughout your career. A lot of us in IT are pretty closed-minded. It's not just toddlers and teenagers that think they know it all - it's often ourselves and our peers. A typical mindset is ...

    Continue Reading...
  • 02 Oct 2007

    What’s it going to take to encrypt laptop drives?!

    So, the latest in the lost laptop world is that 800,000 job applicants of Gap, Inc. now have their personal information exposed. Apparently the laptop was stolen from the office of an "experience third-party vendor". Experienced in what? Not taking security seriously? Apparently the contractor wasn't using encryption which was in violation of an agreement it had with Gap, Inc. You mean contracts aren't enough to protect information? Go figure.Gee ...

    Continue Reading...
  • 28 Sep 2007

    Is Your Wireless Encryption Enough?

    After reading this piece about the recently released report on the TJX breach from the Office of the Privacy Commissioner of Canada and the office of the Information and Privacy Commissioner of Alberta, I had a thought about the false sense of security that wireless encryption gives us. TJX was apparently using both WPA and WEP for wireless encyrption but it was the WEP that got them into trouble. The ...

    Continue Reading...