Don’t e-mail a list of all your passwords and bank account numbers to yourself from work

So my buddy, we’ll call him Bob, runs Data Loss Prevention (DLP) for a big company. DLP is software that limits what you can do with sensitive information, in order to keep it from leaving the company. The NSA wasn’t using DLP back when Ed Snowden was working for them; they probably are now.

Sometimes DLP blocks people from sending their own personal information. Doing so is their right–it’s their information–but from a security point of view, I’m really glad DLP kept them from e-mailing their entire life around in plaintext.

Books every infosec professional needs to read

Firewall maker Palo Alto Networks is sponsoring the Cyber-Security Canon, a sort of Hall of Fame of timeless, classic information security books.

I have to say I haven’t read every book on the list, by a long shot, but the books I have read that made the cut were indeed very good. So I think I would be willing to recommend anything on this list without looking any further. In fact, I probably need to buy a few of these books that I haven’t read and get reading myself.

How to become an Info Assurance Analyst

So, CNN/Money ran a story on the best 100 jobs in the United States, based on pay, projected job growth over the next 10 years, and quality of life ratings. And there was my job title, at #9. I think you should want to become one, so here’s how to become an Info Assurance Analyst.

The field desperately needs more of us, so I’m happy to share with you how to become someone like me.

Non-competes and me

I’ve read the stories this week about how fast-food chains like Jimmy John’s are forcing employees to sign non-compete agreements.

I’ve been asked to sign a non-compete exactly twice in my career, and signed one once, but neither of them was back in my teenage fast-food days.

IT jobs shortage? Slide over to security

IT jobs are getting scarce again, and I believe it. I don’t have a cure but I have a suggestion: Specialize. Specifically, specialize in security.

Why? Turnover. Turnover in my department is rampant, because other companies offer my coworkers more money, a promotion, or something tangible to come work for them. I asked our CISO point blank if he’s worried. He said unemployment in security is 0.6 percent, so this is normal. What we have to do is develop security people, because there aren’t enough of them.

I made that transition, largely by accident, so I’ll offer some advice.

The phantom tech worker shortage

I saw a story yet again about the tech worker shortage, and the backlash against H1-B visas. Reading the comments on Slashdot, I increasingly got the feeling the shortage is a mirage. The people are out there, but the matchups with job openings aren’t happening.

My experience may be anecdotal, but it mirrors this.

Don’t run unknown executables for a dollar. And PLEASE don’t for a penny!

I can’t bribe my preschooler with a penny anymore, but, sadly, a consortium of Carnegie Mellon University, NIST and Penn State University found that 22 percent of respondents through Amazon’s Mechanical Turk were willing to run a dodgy unknown executable in return for a penny. Fifty-eight percent would do it for 50 cents, and 64 percent would do it for a dollar.

I’ve been telling people for 17 years not to take executable files from strangers. I know the percentage of people who will bend down to pick up a penny off the ground when they see one is less than 22 percent, so this saddens me.

How I find podcasts to listen to

Last week I raved about podcasts, and a reader comment asked how I find them. Good question–worthy enough to be the subject of a post, rather than just a two-line comment in response.

There are several ways to find them, and I think it’s worth the effort.

Young people aren’t interested in information security? I think it depends on your definitions.

I saw an assertion on Slashdot today that Millennials aren’t interested in information security, in spite of the average salary in the field being six figures. I’m not sure I agree with the article’s assertion that 24% of those polled being interested translates into disinterest, though. How many of them are interested in other white-collar professions, like medicine or accounting or law?

I also disagree with the article’s definition of information security. The article asserts that information security is working for “The Man,” namely, the government, and information security isn’t just for governments anymore.

Another benefit of not having debt

I’ve written about how not having debt gives you power, though I can’t find the particular post at the moment. But I remember when I got my first mortgage. I went to a party, and my boss was there, along with my five other bosses, and the big boss got this look in his eye when I said I’d bought a house. That look in his eye said one thing: I own you, and I can do whatever I want to you.

And he did. From that day forward, all of the assignments nobody else wanted fell on me. Anything that was destined to fail went to me. And the cycle followed me from job to job, then stopped, like turning out a light, the day after my wife and I paid off our mortgage. It was the closest thing to magic I’ve ever seen. One day, I was the guy who got assignments at 3 PM on a Friday that were going to take me 8 hours to get done–and they had to be done by 8 AM on Monday, and one day, I wasn’t that guy anymore.

I tested it again this month. I turned down a job that offered me a $7,000 pay cut. Nothing unusual about that, right? Not in this case. In this case, rejecting that pay cut meant I didn’t have a job anymore.