Is Cybersecurity Awareness Month Worth the Money?
How can we measure the ROI on an awareness month?
Shostack + Friends Blog
Posts in category "doing it differently"
This time for sure, Pinky!
If everyone agrees on what we should do, why do we seem incapable of doing it?
IoT Security & Threat Modeling
Expanding on the UK Government's ‘The Uk Code of Practice for Consumer IoT Security’ and how it aligns with Threat Modeling.
One Bad Apple
I generally try to stay on technical topics, because my understanding is that's what readers want. But events are overwhelming and I believe that not speaking out is now a political choice.
Science of Security, Science for Security
Recent article in Bentham’s Gaze
‘No Need’ to tell the public (?!?)
Secrecy isn't the best policy when it comes to public health.
Leave Those Numbers for April 1st
Over-inflated numbers won't scare me into buying your ‘solution’.
Facebook's Privacy Constitution
[no description provided]
Pivots and Payloads
A new game from SANS for understanding pen test methodology, tactics, and tools.
Just Culture and Information Security
[no description provided]
Threat Model Thursday: ARM's Network Camera TMSA
[no description provided]
Doing Science with Near Misses
Near misses are an important source of information for avoiding accidents, and it's a shame we don't use them in cybersecurity.
Learning from Near Misses
[no description provided]
Interesting Monday Reads
Each of these is long and thought-provoking and worth savoring.
Introducing Cyber Portfolio Management
[no description provided]
2017 and Tidal Forces
[no description provided]