Blog Posts Tagged with "Dave Shackleford"

The Patchwork Cloud - Security and Incentives

March 04, 2012 Added by: Rafal Los

A cloud service provider who isn't doing well at meeting security controls and requirements has two options - ignore the voluntary attestation and stay off the STAR registry, or only answer certain parts. This makes it impossible to have a level playing field...

Comments  (1)

The Cloud’s Low-Rent District

March 01, 2012 Added by: Dave Shackleford

How many CSPs would take security more seriously if they knew there was a provision in every contract stating that customers could publicly describe security failings and immediately move their data and systems elsewhere with no questions asked? I’m sure you’re saying yeah, right...

Comments  (1)

Infosec: Where is Our “Long Tail”?

February 20, 2012 Added by: Dave Shackleford

The “long tail” concept illustrates the subtle, often overlooked 20% market that tends to be more niche. We need those organizations that are desperate to find unusual solutions that are not available at all right now. And we need small startups to provide them...

Comments  (2)

Does Offensive Security Really Exist?

February 09, 2012 Added by: Dave Shackleford

I want to refute the concept of offensive vs. defensive security staff. It's not realistic. Reason? Offense really exists for one reason – to inform defense. In my mind, this really means we’re ALL defense. We just accomplish our defensive strategy and tactics in different ways...

Comments  (0)

Doom, Gloom, and Infosec

February 06, 2012 Added by: Dave Shackleford

I’m perennially happy, but I get the impression that many in infosec are not. Everyone is different, and I don’t want to stereotype, but I do run into a lot of gloomy folks. Why is the infosec profession so unhappy in general?

Comments  (1)

Security: Failing Gracefully, or Just Failing?

February 01, 2012 Added by: Dave Shackleford

We’re pretty good at if-then analysis for controls in security. Let’s turn it around though and start thinking if-then in the negative sense. Prevention tools and processes need to fail gracefully and lead us into detection and response mode...

Comments  (0)