Security Cloud Privacy Tech

Tagged With 'Rant'


If Apple’s FaceID Works With Masks On, Will That Reduce Your Security?

😷📲 …finally

Why You Should Build Less, Not More

Just because you can solve a problem, doesn’t mean you should.

An Uncomfortable Admission On Work

Good enough sometimes is.

Is Digital Privacy Important?

Digital privacy is critical in our communities. Why don’t we have it?

How To Explain Complex Technology Topics To A Broad Audience

Here are the steps I use to break down technology topics for a wider audience.

Encryption Is Good For You and Your Community

Should you be able to encrypt your communications? The debate is on…again

Would You Put Your Security in the Hands of a Guess?

A lot of risk decisions are made in the dark…why?

What Is Risk?

How do we respond to risk? Do we have the data we need to make an informed decision?

Security Challenges With NFTs

NFTs are digital assets. That means there are cybersecurity concerns with them too.

You Just Bought An NFT, What Did You Actually Buy?

NFTs are all the rage right now. Make sure you understand what they are before diving in.

What Are Blockchain, Web3, and NFTs?

The hype around these terms is muddying the waters. What exactly are NFTs, blockchains, and Web3?

Meeting Goals With Feedback Loops

There are a ton of frameworks out there for building solutions, but I think conceptually it really boils down to goals and feedback loops.

Your Goal In Building Something With Technology

It’s exciting building solutions with the latest frameworks and technology. Is that the best route to meet our goals? What ARE our goals?

Digital Privacy Is All About Choice

When we talk about privacy, what are we really talking about? The formal definition of privacy is definitely outdated. What would a good definition be?

Stop Focusing on Stopping Hackers and Cybercriminals

If the goal of cybersecurity is to make sure that the system you are building works as intended and only as intended, what about stopping hackers?

Why Aren’t Security and Privacy Part of the Foundation of Technology?

Security and privacy are inextricably linked. Why aren’t they at the core of all technology?

Security and Privacy Are Linked

Security and privacy are linked yet for some reason, you see privacy experts ignoring the impact of security and security experts who are unconcerned with privacy. Why?

How AI Could Help Ease Your Zoom Fatigue

Is your day chock-full of video calls? Wondering why you’re exhausted at the end of the day? The two might be related 😉. In this column, Robyn and I discuss some of the reasons for ‘zoom fatigue’ and what technology might help address it.

The Goal of Cybersecurity

To make sure that systems work as intended and only as intended. That’s the goal of cybersecurity.

Dumpster Fire

🗑🔥 doesn’t quite cut it anymore. Following a random thought, I dive into the process to create a new official emoji and why ‘dumpster fire’ isn’t in the official list.


#BlackLivesMatter has risen to prominence again in the past weeks as protests spread beyond the USA to the world. A positive shift is happening as anti-racism is taking hold in privileged communities. This is a challenging subject and one that can be difficult to address with your family. Here’s a set of resources that I’ve found …

NULL & Input Validation

NULL is one of many special characters that have a long history in computing. What are the consequences of using NULL as a value provided via user input? The easy answer should be “nothing” but reality is a lot messier. Joseph Tartaro set out to get a nerdy license plate and found out just how far the rabbit hole might go…

10x Engineers

Recently on Twitter a nerd fight started around the idea of a 10x engineer. VC Shekhar Kirani kicked things off by advocating that startups do anything to grab these types of employees. Needless to say, a lot of differing opinions were shared on the matter. It’s an interesting topic and one we dive into on the show today.

Update On Mornings With Mark

A quick update on why MwM has been missing the past couple of weeks and where this show is going in the future.

Cybersecurity Motivations

Recently a video of mine was flagged by YouTube’s automated ContentID system which may or may not have been justified. Regardless, it got me thinking of the mismatch in motivations for builders investing in cybersecurity and privacy.

What are those motivators?

Perfectionism In Tech

It’s tempting to search for the perfect solution to a problem. The challenge? That “perfection” rarely exists. But time after time, we seek out these perfect solutions. Nothing’s perfect. Security is far from perfect. But we keep trying for perfect security…why?

Cybersecurity Needs Coders

An interesting op-ed from Dr. Egginton at Johns Hopkins University highlights some efforts underway in the US to declare learning to code the equivalent of learning a new language.

Both are important but will they help your cybersecurity career?

The Cybersecurity Industry

If you were just starting to try and understand the cybersecurity problem space, a CEO or CIO working to better grasp the challenges facing your organization, how would the industry look? Would you be able to spend wisely? To make decisions that would actually improve the security of your organization? My view from RSA 2019 in San Francisco.

Konmari Your Data

Data is extremely valuable. We’ve seen that with data brokers, social media giants, and almost every company out there. The current attitude is to gather all the data possible, save it forever, and monetize it later on.

That’s problematic for a number of reasons.

Setting Up 2019

2019 is in full effect and I’m stumbling?!?

Planning for a new year is exciting but can also be challenging. When I sat down to plan out 2019 vlogging and what topics to handle around security and privacy, I saw a massive opportunity.

But that opportunity can be challenging to break down into manageable pieces…

Squad Goals

150th episode! As I wind down for the year, I always try to look back at what has worked and what hasn’t. This show has evolved from a simple “get some ideas out there” to a regular view on how security and privacy impact our technology and our communities.

On The Importance Of Names

Names matter. They help a community come together around a singular concept. But what happens when definitions and usage differ?

Unexpected Lessons

Sometimes things don’t go as expected. That can be frustrating and unfortunate…but also an opportunity to learn.

Fortnite, A Service Delivery Example

Fortnite is an international sensation. Despite being truly free-to-play, they are making a lot of money by continually improving the game experience, balancing the in-game economics, and other critical factors.

There is a ton to learn here about delivering a service. Security and IT teams really should look to this type of service in order to …

Delivering Information With Context

After a jam packed AWS re:Invent 2018, I’ve been thinking about how to deliver information to an audience. One of the challenges is delivering that information with enough context that it makes sense to that audience.

Communication At Scale

When you are trying to get a message out to a lot of people, it’s not realistic to try and get them all back to your digital properties. So what do you do? How do you manage trying to hold the same conversations in multiple places? How do you monitor what’s working?

Preparation Is Key

The “secret” to most success is being prepared. Taking a few minutes or hours to map out what you want to happen is far better than trying to figure it out when you’re up against the clock.

Signals And The Data Explosion

Before any big shifts there are always small signals that hint at what’s coming. We’re seeing more and more companies start to make a play for data. Whether it’s as a broker, niche analysis, or in data aggregation. There is risk here if this rapidly growing area is left unchecked.

You Can't Blame 'Em

We build services and solutions using parts provided by other companies. That’s the only way to move forward effectively. When a security or privacy breach happens, how do you handle those parts out of your direct control? Especially considering your customer may not have any idea they exist?

Optimize Your Tools

You know you have to master your tools but are you selecting or building the right tools? A lot of teams over or under engineer their tools. This results in either a failure to return the value invested or lost productivity. Are you hitting the sweet spot?

Politics & Attack Attribution

Cyberattack attribution is HARD. But time and time again, we’re seeing attributions—who carried out the attack—made publicly with little to no evidence presented. Worse, these attributions are having real world impacts…

Master Your Tools

Knowing what the tools in your kit are capable of is critical to success. But can you actually use those features? Do you really understand the implications of the more advanced features of those tools? Sometimes simple is better…and in any case, you better master those tools!

Know Your Audience

Your product/solution/service has a goal and you’ve probably gotten good at articulating that goal…but is that message resonating with the audience you’re in front of right now? Are you adequately customizing the message for each audience?

Automating Your Job

“Don’t do work you don’t have to.” It’s a solid rule and one that you can leverage more often than you think. There are opportunities to automate our work all around us, but do you have the skills to take advantage?

Refreshing Your Perspective

Working deeply on any one problem for too long narrows your perspective. That’s just human nature. Are you taking steps to refresh that perspective? To empathize with teams around you?

Building On Fragile Layers

Nothing is built in isolation. Each technology builds on layers and layers of technology before it. But are those layers worth building on? Can they support the weight of new ideas? How do you account for issues in layers you don’t control? We’re seeing the negative consequences more and more in the IIoT / OT world…

Keep Decisions Up To Date

Decisions are hard enough that you don’t want to have to revisit them constantly. But that’s exactly what is required in the realm of cybersecurity. Do you have a system in place to review decisions? Are you recording the right information to update those decisions when the time comes?

Most teams do not and it’s taking its …

User Experience Is Critical

User experience is often overlooked when it comes to security and privacy. This leads to some confusing, dangerous, and challenging situations that users are forced into. Why?!?

DRUGS!!! and IT Risk and Graphs

Many questions come along with the federal legalization of cannabis in Canada. It’s a massive example of trickle down risk as various controls around usage and methods of delivery are pushed into areas they weren’t designed for. Are you doing the same thing with your IT deployments? Are you evaluating your risk graph?

Virtual Experiences & Content Delivery

Virtual events can be a great way to connect with your audience. They are not only less expensive to run but they are much easier to access for most people. So why are they rarely enjoyable despite having great content?

Communicating FOR Your Audience

When you’re trying to teach, pass along a message, or just generally reach anyone, the key is to understand how THEY want to consume information. That’s a huge gap in most communications today, especially breach notification. Put yourself in the audience’s shoes!

Evidence, Accusations, and Motivation

With the Bloomberg report on hardware hacking looking more in doubt, more and more politics are coming into play. Anytime you evaluate news, it’s important to look at things objectively. Here are a few tips around evaluating cybersecurity news.

Following Up On Tough News

Reflecting back on my keynote at SecTor in Toronto where I delivered some tough news to a roomful of security professionals. Here’s what worked and what could’ve been better!

How To Deliver Tough News

Sometimes you have to deliver really bad news. It’s not your fault, but you’re the one on the hook. How do you deliver it? How do you deliver it without getting mired in the downside?

What Do You Look To Get Out Of Conferences?

Conferences are usually jam packed with great content. So much so that it can be hard to prepare for them and get the most out of them. What do you look for in a conference? How can I help?

Security Is A Quality Issue

Security is a quality issue. Except we don’t treat it that way and that’s costing us dearly.

Cybersecurity Basics #12 - Bolt-on vs Built-in

Built-in security is always best. That’s “security by design” but when that fails (due to mistakes, oversight, humans), built-in security steps up…or, um, in.

Cybersecurity Basics #9 - Attack Attribution

Who did it? It’s a powerful question and the answer to “What is attack attribution?”

Cybersecurity Basics #4 - Perspective

Perspective is a tricky thing…maybe the hardest aspect of cybersecurity.

Recharged, Reset, & Rocking

Back from vacation, I recap the show’s structure and new channels as well as the plan around “the basics”

Easy To Use Tools

We’re creating more and more data but despite advancements in data processing, we’re still lacking easy to use tools to understand what’s happening around us. What can we do to fix this?

Toxicity & Security's Responsibility

Security is there to ensure that the systems you build work only as intended. Part of that is realizing the potential for abuse and ensuring that the system and users can continue to work safely…there’s a LOT of work to do.

Discussions At Scale

A lot of the issues facing our communities and sub communities today (deep fakes, encryption, privacy, DevOps, etc.) need active discussions. By their very nature, you can’t really have discussions at scale…right?

HR Challenges & Getting Your First Security Role

Getting your first cybersecurity role can be difficult. Is part of the problem how organizations are hiring talent?

Constant Negative Pressure

You cannot stand at “Red Alert” 24/7 but that’s exactly what we do in cybersecurity…often without realizing it. What impact does that have on our approach? Our attitude? Our mental health?

Assumptions & Outdated Mental Models

Unchecked assumptions are a major risk in any field…but in cybersecurity they take on a whole new level

Remote Work, Cubes, & Everything In Between

Where–physically–do you work? Does it matter?

Balance & Burnout

It’s all too easy to burnout in IT in general…more so in security. Why? What’s the cost?

Fortnite, UI Patterns, and Desired Behaviours

Design has a massive impact on user behaviour. Sadly, it’s often ignored when it comes to security and privacy.

Security Thinking Is Service Design Thinking

We’ve spoken a lot about maintaining and expanding perspective when it comes to cybersecurity. In this episode, we dive in and highlight a methodology called “service design thinking”.

Ethics And Action In Technology

Ethical questions and quandaries are tough enough to work through when they are theoretical. But when you’re confronted with them in the real world, there are usually real world consequences. This makes a hard situation even harder. What do you do? What can you do?

Ethics In Technology And Cybersecurity

How new technologies are used and built is really up to us. Regardless of your moral compass, it’s important that you discuss the creation & use of these tools with your teams and larger community.

Net Neutrality

Net Neutrality is a simple dictate that states all network packets must be treated equally. This–of course–tanks a few business models for ISPs and in the US, they have successfully lobbied to remove previous regulations.

What's In A Name?

We know that cybersecurity isn’t the best name to describe what is ostensibly, “information security” but it’s the name we’re stuck with.

Why Can't Security Play Nice With Others?

Is it just attitude that keeps security teams from working well with the rest of the organization? And if so, can that attitude be changed? What’s keeping things so negative? Some thoughts…

Information Security vs. Cybersecurity

At some point in the past few years, the term “information security” took a back seat to “cybersecurity”. Does it matter? Why?

Ethics In Technology & Security

Deep thoughts in this episode around ethics in technology and their use. Sparked by the latest issues around mobile phone tracking, this episode tackles the lack of ethics discussions around security and technology.

The Hallway Track

When you’re at a conference, one of the biggest perks is the “hallway track”. The serendipitous run-ins with people you follow online, speakers, or other attendees. If you’re not putting yourself out there and meeting some new people, you’re doing yourself a disservice. Get out there and say hi!

Fear Uncertainty And Doubt

Cybersecurity is often positioned from the negative. There are bad things coming to get you! What a waste of energy…

Apple vs. The FBI

The FBI and other federal law enforcement in the US (and elsewhere) continue to push back against “going dark”. Thankfully Apple is fighting back, because when we break security systems and processes, no one wins. This post tracks the significant events in Apple vs. the FBI.

Privacy And Security vs. Usability

It’s often stated that you have to trade usability for security. I call 💩

CPUs, ICOs, and Blockchains

Lots of hype around CPU flaws, ICOs failing, and blockchain. This episode looks to cut through some of it!

Nervous For SXSW

My impressions of my first SXSW and the challenges of getting back on stage after a bit of a break

SXSW Audience Level

Cybersecurity and privacy are a core part of the fabric of all technology. So why are they missing at most non-security conferences?

New Website

In this episode we do a quick recap of the Canadian federal budget announcements around cybersecurity, talk about SXSW, and the upcoming launch of the new


There is always a new threat to worry about in cybersecurity. Keeping perspective about the likelihood of that threat being an actual issue is critical.


Keeping a personal website up to date is always tricky. The technical pieces are simple; it’s being satisfied with the design and making the commitment to focus on the site when there is a ton of other, maybe more interesting work to be done. Needless to say, this is me restarting this site!