Never give a cop your phone and other security tips

The political climate in the United States means everyone, and especially members of marginalized groups, needs to be thinking about phone security. It’s no longer something only security professionals and people who handle sensitive information for a living need to worry about. In light of that, I present five phone security tips I wish everyone knew and followed.

How to choose a VPN service

A few years back, an acquaintance asked me if I could recommend a VPN. And I’m afraid I didn’t give the best advice, so I want to recant and remedy that now. I think there are some misconceptions about what a VPN can and can’t do for you, so you may decide you don’t actually need one. But if you do need one, there is one and only one specific VPN I recommend. In this blog post, I’ll tell you how I came to choose this specific VPN service.

Overcoming learned helplessness in security

Today I want to talk about a concept called learned helplessness, something that was widely studied and taught in the 1980s but seems to have fallen by the wayside a bit since, even though I certainly still see it happening today. Computer security, especially the fields of vulnerability management and patch management, is very prone to learned helplessness. The good news is, it’s possible to overcome.

Hash collisions in computer security

Last week, Robin of the YouTube channel 8-bit Show and Tell wondered out loud on Twitter why Chrome flags Netracer 1.1, a modern indie Commodore 64 game, as malware. I think this is a classic case of hashing algorithms having gone wrong. In this blog post, I’ll explain what a hash collision is, using this collision of my hobby of retro computing and my day job of information security as an example.

Resume hacks for your first (or next) security job

It’s hard to get a job, especially a security job, when everyone is looking for a unicorn. What your guidance counselor in college told you probably isn’t enough to make your resume look like one from a unicorn. So in this blog post, I’ll share with you the resume hacks you need to help you stand out so you get the interview and, in turn, land your first (or next) security job.

You don’t need cyber threat intelligence. Buy this instead

Last week I saw another hot take on Twitter. This Twitter influencer asserted that for most organizations, Cyber Threat Intelligence (CTI) is a waste of money and they would be better off spending that money elsewhere. In this blog post, I will dig into this argument, including what proper use of Cyber Threat Intelligence looks like.

Is CISSP worth it in 2024? How to know

I’ve had two different people ask me in the last month if CISSP is still worth it in 2024. I have mixed feelings, so in this blog post, I’ll explore this complicated question so you can decide if CISSP is still worth it for you.

Wireshark security risk and how to manage it

A couple of social media influencers got into an argument over banning Wireshark in corporate environments because Wireshark is a security risk. While I don’t like getting involved in this type of drama, the argument does raise an important point in information security and vulnerability management. It’s very important as a security professional not to overplay the hand you’re dealt.

How Tenable sets plugin severity

How Tenable sets plugin severity is a question customers have been asking me for years, dating back to the days I worked for Tenable partners. It can be a bit complicated, so in this blog post I will explain what goes into Tenable plugin severity.

What peer benchmarking is in vulnerability management

Successful vulnerability management is deceptively simple. It comes down to being able to answer yes to two questions: Are you fixing the right things? And are you fixing them fast enough? But how fast is fast enough? In this blog post, I’ll explain how I use peer benchmarking to help companies figure out how fast is fast enough. I’ll also explain how to know if your security policies are less popular than speed limit laws, and why that will make them fail.
