• 09 Jan 2015

    Core human psychology principles are what hold us back with security

    2015 marks my 26th year working in IT and my 20th year focusing on information security. I'm so fortunate to work in such an amazing field and even luckier to have gained some wisdom over the years that has allowed me understand the true challenges we face with information security! As much as the vendors, researchers, and criminal hackers want us to believe it's the threats that cause all the ...

    Continue Reading...
  • 02 Sep 2014

    Bits & pieces on the 2014 Home Depot data breach

    The news of the new Home Depot credit card breach combined with me being based in Atlanta as well, I feel compelled to share some links to some of the recent pieces I've written about point-of-sale and retail information security in hopes that a nugget or two might prove beneficial to someone out there...here they are:The Target Breach – Can It Be Prevented?Six endpoint management lessons from POS security breachesSecurity ...

    Continue Reading...
  • 18 Aug 2014

    A resource to help with PCI DSS 3.0’s penetration testing methodology requirements

    PCI DSS has been getting a lot of buzz lately and the latest version 3.0 will continue gaining momentum until the many small and medium-sized businesses get their arms around the new requirements. Of particular interest is the updated requirement 11.3 (below) which is much more prescriptive on how to find the actual security flaws that matter.I've always believe that you can't secure what you don't acknowledge...PCI DSS 3.0 now ...

    Continue Reading...
  • 03 Mar 2014

    Interesting sights at #RSAC 2014

    I attended the RSA Conference last week...there was a lot of the same security nonsense (see my posts below) but a very good show nonetheless. You should attend next year, especially if you've never been. With 25,000+ attendees and more vendors than you can ever imagine in this space, it's a spectacle.Speaking of "vendors", one thing that struck me as interesting - what government employee was ballsy enough to use ...

    Continue Reading...
  • 19 Feb 2014

    Step up or step aside, somebody needs to fix your security woes

    I just got off of phone call with some friends/colleagues where we were discussing the latest security trends. After talking it occurred to me that we're basically going backwards in time with information security. It seems with the Target breach, stupid passwords people are still using in 2014, and even today's new SANS-Norse healthcare security report, it just keeps piling up as if nothing works.But it can work - if ...

    Continue Reading...
  • 23 Apr 2013

    Wednesday (early) morning’s webcast: State of Cyber Security 2013

    ISACA and TechTarget are putting it on...It starts tomorrow (Wednesday) morning at 7:45am ET.Several thousand people will be in attendance...it's the largest crowd I've ever spoken to.It'll be engaging. It'll be informative. You'll hear what I really think about Obama's Cybersecurity mandates. You can't miss it.I'll be kicking things off with the keynote...then I'll be followed by some true information security experts:Theresa M. Grafenstine, Inspector General U.S. House of RepresentativesDr. ...

    Continue Reading...
  • 21 Feb 2013

    Yet another reason to get more in tune w/mobile & the cloud

    Here's a good post from Elcomsoft's Vladimir Katalov that underscores the dangers of many things I've written and spoken about in recent years: Cloud security - especially as it relates to mobile apps (and in the case of this piece, iCloud)  Mobile control - BYOD, MDM and all those buzzwords sound nice but what exactly are you doing to ensure the business information that's being carelessly handled by your employees ...

    Continue Reading...
  • 13 Sep 2011

    Stephen Covey’s insight applies to information security

    I love the following quote...very applicable to what we do:"You can't talk yourself out of a problem you behave yourself into." - Stephen CoveyOkay, you may be able to talk your way out of bad security decisions with the right attorneys or a cybersecurity insurance policy. Having worked cases involving data breaches, compliance and intellectual property, I can say that it won't be a short-lived, inexpensive or painless ordeal....

    Continue Reading...
  • 13 Jun 2011

    IT careers, compliance & the Internet “Freedom” Act

    Here are some recent pieces I wrote on IT and security careers and compliance that you may be interested in...content that likely applies to your very situation:Career networking dos and don’ts But Compliance is Someone Else’s Job!Cybersecurity and Internet Freedom Act – New name, same gameEnjoy!As always, be sure to check out www.principlelogic.com/resources.html for links to my 500+ articles, whitepapers, podcasts, webcasts, books and more....

    Continue Reading...
  • 31 Jan 2011

    The Egyptian uprising tie-in with the U.S. Internet kill switch

    The people rioting in Egypt against their oppressive government and the subsequent blocking of the Internet is an interesting issue that has a global reach. Foreign policy aside, have you stopped to think about the ramifications of the cybersecurity "kill switch" bills that our measly politicians are trying to force upon us?As I wrote previously, the proposed Rockefeller-Snowe Cybersecurity Act of 2009 (Senate Bill 773) and Lieberman-Collins-Carper Protecting Cyberspace as ...

    Continue Reading...