As part of my 72 seasons (Sorry Lars! Hope you do not sue!) mentoring program, I have been reviewing content together with this half-year’s cohort about effective interviewing and how to spot red flags in a potential interview setting. Today, I am going to write a few words about one easy to miss red flag… Continue reading Examining the writing on the wall – the “sticker rule”

If you own an electric guitar, at some point you had it setup – if you know what a setup is and why is needed in the first place thatis. A setup can be done at the factory or store (think of sane defaults), you can have a luthier set it up (acquisition of external… Continue reading Guitar Setup vs. Cloud Configuration: A Lesson in Proper Configuration

What folks call “AI” these days is in the mainstream, and from the looks of it, it is here to stay – the genie is out of the bottle and the financials are making sense. As the monetary value increases, it is only natural that security stakes are getting higher – there is real money… Continue reading Used car salespeople and the Zen of AI security

Social media potentially contain a wealth of information. At the very least, if you take the time to slowly tune up your persona, you will be getting more of what you find interesting and less of the typical attention-seeking noise – this is especially true for LinkedIn. However, even after spending the aforementioned amount of… Continue reading Social Media Facepalm: “Signs you aren’t ready to be a CISO”

So, for the past months, supposedly we are living the “AI” apocalypse/revolution (depending on your reality tunnel). A lot of folks are predicting doom and gloom, an equal opposing lot of folks are predicting better days ahead. My viewpoint about AI is worth a separate post, which I prefer not to spoil here. As you… Continue reading Dispelling the “AI” hype – one post at a time

What a better way to kickstart 2024 than looking back at 2023. In a nutshell, the second part of 2023 was a watershed moment. Not only have I started blogging more regularly but I have made some conscious decisions about the future of this blog.  The first one is that all these years, I was… Continue reading The Great Southern 2023 meta-blogging post

Adam Shostack has an excellent page on security gamification. So, in case you have not already done so, go and read it, not only is a well written piece but also contains a wealth of games that you can use, as per your use case. Standing on the shoulder of giants, I would like to… Continue reading Information Security? Game On!

This year Metallica released “72 Seasons”. The main loose concept of the record is that our first 72 seasons (18 years) define who we will be for the rest of our lives. If this viewpoint stands or not, is a discussion for a different time, however it got me thinking: “What are my 72 Seasons… Continue reading My 72 Seasons and How Can I Pay Them Forward

A few days ago, I blogged about some common Cloud Security specific misconceptions – focusing on how the Cloud (or Containers or Kubernetes) does not magically make insecure software or infrastructure configurations, secure. The axiom of this article is that the cloud providers themselves do keep their part of the deal – a public cloud… Continue reading When Cloud Shared Responsibility Security Model Fails

My last post was about TetraBURST. Kim Zetter has an interview with Brian Murgatroyd, chair of the technical body at ETSI responsible for TETRA development. You can read the interview there. Highly recommended reading.