What is a user story?

If you work in IT or security, you are pretty much expected to know what a user story is. That can be a problem if your background is not in software development, or if your education or background predates the agile software development model. So what is a user story and how do you write one?

User stories are similar to milestones in project management. That was how it was first explained to me. But you don’t write a user story quite the same way that you would write a milestone in project management. The other thing is mixing the two can lead to miscommunication. I was once involved in a meeting where a manager insisted on using user stories, because he had been a software developer, but this wasn’t a project involving software development. So nobody else knew what he was talking about.

User stories are a product management or software development tool. They aren’t something everyone knows.

Why does my wifi say not secure?

Sometimes, if you get a new device, or if you connect to a network you’ve never connected to, you can receive a message that says your Wi-Fi is not secure. Why does my wifi say not secure? Here’s why, and also why you shouldn’t ignore that message.

That message got your attention, didn’t it? It’s designed to get your attention. And it’s really easy to dismiss it as being alarmist. People have a tendency to either greatly overestimate or underestimate how much interest someone might have in attacking them. Especially if I tell you that the security that you’re getting a warning about has much more to do with privacy than it does with viruses. That message does not mean that this network is any more or less likely to infect you with a virus.

But you need to do something about it when you see this message. First let me tell you why, then I will tell you what you need to do.

What motivated the FBI e-mail hacker

Over the weekend of Nov 13, 2021, the FBI acknowledged unauthorized emails coming from a legitimate FBI email address to about 100,000 organizations warning them about ransomware. It appears to be the work of a self-styled white hat hacker, or security researcher.

I am a security professional. I am going to remind everyone that these are not the opinions of my current or any former employer. I have strong opinions on this, and those opinions are incredibly unpopular among security professionals. They may or may not agree with me privately, but agreeing with me publicly is not a great idea.

Private vs public IP address

It is important to know how to distinguish between a private vs public IP address. IT professionals and security professionals frequently have to work with them, and it is a very common job interview question, and certification question. Here are the ranges of private IP addresses, and why we need them.

Is data privacy important?

I hear the argument all the time that if you aren’t doing anything wrong, you don’t have to worry about privacy. So is data privacy important? I’ll tell you why it is.

There was a very vocal element of society that was very anti-data privacy until 2021. Once the COVID vaccine was released, suddenly they became very concerned about their privacy. I hope that element of society learned some empathy from this. How they felt about their privacy is how the rest of us feel when it comes to large corporations tracking our every move.

LinkedIn is annoying? Tips to make it better

I definitely have mixed feelings about LinkedIn. It’s helped me get several jobs, but it can also have the same pitfalls as any social network. Plus some that are unique to LinkedIn. If LinkedIn is annoying you, here are some things I did to make LinkedIn less annoying and more helpful.

What is ASM in security?

What is ASM in security? ASM stands for attack surface management. It solves a real security problem. But it may not be the security problem that you think it solves, and it also doesn’t solve it as completely as it sounds like it may. Let’s talk about what ASM does and whether you might want it.

Mental health and infosec

In Australia, they have a national day called R U Ok. And one of my Australian coworkers used that as an opportunity to reach out to the rest of the company. We all thanked him. Mental health is a problem in the field of computer security, and IT as a whole, and we rarely talk about it. It’s time that we start. Let’s take the taboo out of mental health and infosec.

Rebuild machines without making duplicates in Qualys or Tenable

My friend does vulnerability management for a company that likes to rebuild machines instead of patching them. I don’t judge; that’s how I wanted to patch machines when I was a sysadmin but I didn’t have fast enough storage. But if you do this, you’re liable to end up with duplicate machines in your reports. One unpatched, and the other one (hopefully) patched. Here’s how to rebuild machines without making duplicates in Qualys or Tenable.

Choose your passwords carefully

I participated in a brief discussion on Twitter the other week about being careful how you choose your passwords. Passwords can and will show up in places you don’t intend. When that happens, you don’t want it to cause a problem. Here’s what happened to me once when I didn’t choose a password carefully.
