  • Backpacking In Europe – Two Weeks Of Flights 2021

    This is somewhat of a “stream of consciousness” diary of my EU Flight Trip – 10/25/21-11/8/21. Yes, it’s long (sums up over 40 hours of flying), and veers off the security/hacking/risk content typically here. But it’s a new hobby for me, and I do find it fascinating and teaching – especially how to approach a…

  • Elastic Permissions

    Over the past two years my colleagues and friends have heard me talk about Elastic Permissions, and at some point I started hearing other people mention the term (yay for planting the seeds through consistently using a new term…). So I figured – for the sake of clarity, let’s put this out there for posterity.…

  • Incentives and metrics

    “you have to be very careful of what you incent people to do, because various incentive structures create all sorts of consequences that you can’t anticipate” Steve Jobs. Observation 1: As more companies are enforcing a work from home (WFH) policy these days, a new trend is starting to emerge. I’ve already observed at least…

  • The Product Versus Skill Pendulum In Security And The Need For Better Solutions

    This post was originally published on Forbes. Security used to be easy–a fairly binary condition over whether you are protected or not, whether you are patched or not, or whether the port is accessible to outside IP addresses or not. And then came complexity: Overlaying different aspects of vulnerabilities. Factoring in application issues, platform bugs,…

  • Trust-Building For Security

    This post was originally published on Forbes. Trust is a fickle thing. And, weirdly enough, the basic assumption of a lot of security practices seems to include a certain level of trust in users that is pretty hard to justify these days. This is why we see so many successful breaches that can be traced…