Here are the steps I use to break down technology topics for a wider audience.
Should you be able to encrypt your communications? The debate is on…again
A lot of risk decisions are made in the dark…why?
NFTs are digital assets. That means there are cybersecurity concerns with them too.
NFTs are all the rage right now. Make sure you understand what they are before diving in.
The hype around these terms is muddying the waters. What exactly are NFTs, blockchains, and Web3?
There are a ton of frameworks out there for building solutions but I think conceptually, it really boils down to goals and feedback loops
It’s exciting building solutions with the latest frameworks and technology. Is that the best route to meet our goals? What ARE our goals?
When we talk about privacy, what are we really talking about? The formal definition of privacy is definitely outdated. What would a good definition be?
If the goal of cybersecurity is to make sure that the system you are building works as intended and only as intended, what about stopping hackers?
Security and privacy are inextricably linked. Why aren’t they at the core of all technology?
Security and privacy are linked yet for some reason, you see privacy experts ignoring the impact of security and security experts who are unconcerned with privacy. Why?
Is your day chock-full of video calls? Wondering why you’re exhausted at the end of the day? The two might be related 😉. In this column, Robyn and I discuss some of the reasons for ‘zoom fatigue’ and what technology might help address it.
To make sure that systems work as intended and only as intended. That’s the goal of cybersecurity.
🗑🔥 doesn’t quite cut it anymore. Following a random thought, I dive into the process to create a new official emoji and why isn’t ‘dumpster fire’ in the official list?
#BlackLivesMatter has risen to prominence again in the past weeks as protests spread beyond the USA to the world. A positive shift is happening as anti-racism is taking hold in privileged communities. This is a challenging subject and one that can be difficult to address with your family. Here’s a set of resources that I’ve found …
NULL is one of many special characters that have a long history in computing. What are the consequences of using NULL as a value provided via user input? The easy answer should be “nothing” but reality is a lot messier. Joseph Tartaro set out to get a nerdy license plate and found out just how far the rabbit hole might go…
Recently on Twitter a nerd fight started around the idea of a 10x engineer. VC Shekhar Kirani kicked things off by advocating that startups do anything to grab these types of employees. Needless to say, a lot of differing opinions were shared on the matter. It’s an interesting topic and one we dive into on the show today.
A quick update on why MwM has been missing the past couple of weeks and where this show is going in the future.
Recently a video of mine was flagged by YouTube’s automated ContentID system which may or may not have been justified. Regardless, it got me thinking of the mismatch in motivations for builders investing in cybersecurity and privacy.
What are those motivators?
It’s tempting to search for the perfect solution to a problem. The challenge? That “perfection” rarely exists. But time after time, we seek out these perfect solutions. Nothing’s perfect. Security is far from perfect. But we keep trying for perfect security…why?
An interesting op-ed from Dr. Egginton at Johns Hopkins University highlights some efforts underway in the US to declare learning to code the equivalent of learning a new language.
Both are important but will they help your cybersecurity career?
If you were just starting to try and understand the cybersecurity problem space, a CEO or CIO working to better grasp the challenges facing your organization, how would the industry look? Would you be able to spend wisely? To make decisions that would actually improve the security of your organization? My view from RSA 2019 in San Francisco
Data is extremely valuable. We’ve seen that with data brokers, social media giants, and almost every company out there. The current attitude is to gather all the data possible, save it forever, and monetize it later on.
That’s problematic for a number of reasons.
2019 is in full effect and I’m stumbling?!?
Planning for a new year is exciting but can also be challenging. When I sat down to plan out 2019 vlogging and what topics to handle around security and privacy, I saw a massive opportunity.
But that opportunity can be challenging to break down into manageable pieces…
150th episode! As I wind down for the year, I always try to look back at what has worked and what hasn’t. This show has evolved from a simple “get some ideas out there” to a regular view on how security and privacy impact our technology and our communities.
Names matter. They help a community come together around a singular concept. But what happens when definitions and usage differ?
Sometimes things don’t go as expected. That can be frustrating and unfortunate…but also an opportunity to learn.
Fortnite is an international sensation. Despite being truly free-to-play, they are making a lot of money by continually improving the game experience, balancing the in-game economics, and other critical factors.
There is a ton to learn here about delivering a service. Security and IT teams really should look to this type of service in order to …
After a jam packed AWS re:Invent 2018, I’ve been thinking about how to deliver information to an audience. One of the challenges is delivering that information with enough context that it makes sense to that audience.
When you are trying to get a message out to a lot of people, it’s not realistic to try and get them all back to your digital properties. So what do you do? How do you manage trying to hold the same conversations in multiple places? How do you monitor what’s working?
The “secret” to most success is being prepared. Taking a few minutes or hours to map out what you want to happen is far better than trying to figure it out when you’re up against the clock.
Before any big shifts there are always small signals that hint at what’s coming. We’re seeing more and more companies start to make a play for data. Whether it’s as a broker, niche analysis, or in data aggregation. There is risk here if this rapidly growing area is left unchecked.
We build services and solutions using parts provided by other companies. That’s the only way to move forward effectively. When a security or privacy breach happens, how do you handle those parts out of your direct control? Especially considering your customer may not have any idea they exist?
You know you have to master your tools but are you selecting or building the right tools? A lot of teams over or under engineer their tools. This results in either a failure to return the value invested or lost productivity. Are you hitting the sweet spot?
Cyberattack attribution is HARD. But time and time again, we’re seeing attributions—who carried out the attack—made publicly with little to no evidence presented. Worse, these attributions are having real world impacts…
Knowing what the tools in your kit are capable of is critical to success. But can you actually use those features? Do you really understand the implications of the more advanced features of those tools? Sometimes simple is better…and in any case, you better master those tools!
Your product/solution/service has a goal and you’ve probably gotten good at articulating that goal…but is that message resonating with the audience you’re in front of right now? Are you adequately customizing the message for each audience?
“Don’t do work you don’t have to.” It’s a solid rule and one that you can leverage more often than you think. There are opportunities to automate our work all around us, but do you have the skills to take advantage?
Working deeply on any one problem for too long narrows your perspective. That’s just human nature. Are you taking steps to refresh that perspective? To empathize with teams around you?
Nothing is built in isolation. Each technology builds on layers and layers of technology before it. But are those layers worth building on? Can they support the weight of new ideas? How do you account for issues in layers you don’t control? We’re seeing the negative consequences more and more in the IIoT / OT world…
Decisions are hard enough that you don’t want to have to revisit them constantly. But that’s exactly what is required in the realm of cybersecurity. Do you have a system in place to review decisions? Are you recording the right information to update those decisions when the time comes?
Most teams do not and it’s taking its …
User experience is often overlooked when it comes to security and privacy. This leads to some confusing, dangerous, and challenging situations that users are forced into. Why?!?
Many questions come along with the federal legalization of cannabis in Canada. It’s a massive example of trickle down risk as various controls around usage and methods of delivery are pushed into areas they weren’t designed for. Are you doing the same thing with your IT deployments? Are you evaluating your risk graph?
Virtual events can be a great way to connect with your audience. They are not only less expensive to run but they are much easier to access for most people. So why are they rarely enjoyable despite having great content?
When you’re trying to teach, pass along a message, or just generally reach anyone, the key is to understand how THEY want to consume information. That’s a huge gap in most communications today, especially breach notification. Put yourself in the audience’s shoes!
With the Bloomberg report on hardware hacking looking more in doubt, more and more politics are coming into play. Anytime you evaluate news, it’s important to look at things objectively. Here are a few tips around evaluating cybersecurity news.
Reflecting back on my keynote at SecTor in Toronto where I delivered some tough news to a roomful of security professionals. Here’s what worked and what could’ve been better!
Sometimes you have to deliver really bad news. It’s not your fault, but you’re the one on the hook. How do you deliver it? How do you deliver it without getting mired in the downside?
Conferences are usually jam packed with great content. So much so that it can be hard to prepare for them and get the most out of them. What do you look for in a conference? How can I help?
Security is a quality issue. Except we don’t treat it that way and that’s costing us dearly.
Built-in security is always best. That’s “security by design” but when that fails (due to mistakes, oversight, humans), built-in security steps up…or, um, in.
Who did it? It’s a powerful question and the answer to “What is attack attribution?”
Perspective is a tricky thing….maybe the hardest aspect of cybersecurity
Back from vacation, I recap the show’s structure and new channels as well as the plan around “the basics”
We’re creating more and more data but despite advancements in data processing, we’re still lacking easy to use tools to understand what’s happening around us. What can we do to fix this?
Security is there to ensure that the systems you build work only as intended. Part of that is realizing the potential for abuse and ensuring that the system and users can continue to work safely…there’s a LOT of work to do.
A lot of the issues facing our communities and sub communities today (deep fakes, encryption, privacy, DevOps, etc.) need active discussions. By their very nature, you can’t really have discussions at scale…right?
Getting your first cybersecurity role can be difficult. Is part of the problem how organizations are hiring talent?
You cannot stand at “Red Alert” 24/7 but that’s exactly what we do in cybersecurity…often without realizing it. What impact does that have on our approach? Our attitude? Our mental health?
Unchecked assumptions are a major risk in any field…but in cybersecurity they take on a whole new level
It’s all too easy to burnout in IT in general…more so in security. Why? What’s the cost?
Design has a massive impact on user behaviour. Sadly, it’s often ignored when it comes to security and privacy.
We’ve spoken a lot about maintaining and expanding perspective when it comes to cybersecurity. In this episode, we dive in and highlight a methodology called “service design thinking”.
Ethical questions and quandaries are tough enough to work through when they are theoretical. But when you’re confronted with them in the real world, there are usually real world consequences. This makes a hard situation even harder. What do you do? What can you do?
How new technologies are used and built is really up to us. Regardless of your moral compass, it’s important that you discuss the creation & use of these tools with your teams and larger community.
Net Neutrality is a simple dictate that states all network packets must be treated equally. This–of course–tanks a few business models for ISPs and in the US, they have successfully lobbied to remove previous regulations.
We know that cybersecurity isn’t the best name to describe what is ostensibly, “information security” but it’s the name we’re stuck with.
Is it just attitude that keeps security teams from working well with the rest of the organization? And if so, can that attitude be changed? What’s keeping things so negative? Some thoughts…
At some point in the past few years, the term “information security” took a back seat to “cybersecurity”. Does it matter? Why?
Deep thoughts in this episode around ethics in technology and their use. Sparked by the latest issues around mobile phone tracking, this episode tackles the lack of ethics discussions around security and technology.
When you’re at a conference, one of the biggest perks is the “hallway track”. The serendipitous run-ins with people you follow online, speakers, or other attendees. If you’re not putting yourself out there and meeting some new people, you’re doing yourself a disservice. Get out there and say hi!
Cybersecurity is often positioned from the negative. There are bad things coming to get you! What a waste of energy…
The FBI and other federal law enforcement in the US (and elsewhere) continue to push back against “going dark”. Thankfully Apple is fighting back, because when we break security systems and processes, no one wins. This post tracks the significant events in Apple vs. the FBI.
It’s often stated that you have to trade usability for security. I call 💩
Lots of hype around CPU flaws, ICOs failing, and blockchain. This episode looks to cut through some of it!
My impressions of my first SXSW and the challenges of getting back on stage after a bit of a break
Cybersecurity and privacy are a core part of the fabric of all technology. So why are they missing at most non-security conferences?
In this episode we do a quick recap of the Canadian federal budget announcements around cybersecurity, talk about SXSW, and the upcoming launch of the new markn.ca
There is always a new threat to worry about in cybersecurity. Keeping perspective about the likelihood of that threat being an actual issue is critical.
Keeping a personal website up to date is always tricky. The technical pieces are simple, it’s being satisfied with the design and making the commitment to focus on the site when there is a ton of other, maybe more interesting work to be done. Needless to say, this is me restarting this site!