Home ยป information security

information security

Don’t e-mail yourself a list of all your passwords and bank account numbers to yourself from work

So my buddy, we’ll call him Bob, runs Data Loss Prevention (DLP) for a big company. DLP is software that limits what you can do withย sensitive information, in order to block it from going out of the company.ย The NSA wasn’t using DLP backย when Ed Snowden was working for them; they probably are now.

Sometimes DLP blocks people from sending their own personal information. Doing so is their right–it’s their information–but from a security point of view, I’m really glad DLP kept them from e-mailing their entire life around in plaintext.

Read More »Don’t e-mail yourself a list of all your passwords and bank account numbers to yourself from work

Books every infosec professional needs to read

Firewall maker Palo Alto Networks is sponsoring the Cyber-Security Canon, a sort of Hall of Fame of timeless, classic information security books.

I have to say I haven’t read every book on the list, by a long shot, but the books I have read that made the cut were, indeed, very good indeed. So I think I would be willing to recommend anything on this list without looking any further. Indeed, I probably need to buy a few of these books that I haven’t read and get reading myself.

How to become an Info Assurance Analyst

So, CNN/Money ran a story on the best 100 jobs in the United States, based on pay, projected job growth over the next 10 years, and quality of life ratings. And there was my job title, at #9. I think you should want to become one, so here’s howย to become an Info Assurance Analyst.

The field desperately needs more of us, so I’m happy to share with you how to become someone like me.Read More »How to become an Info Assurance Analyst

Non-competes and me

I’ve read the stories this week about how fast-food chains like Jimmy John’s are forcing employees to sign non-compete agreements.

I’ve been asked to sign a non-compete exactly twice in my career, and signed one once, but neither of them was back in my teenage fast-food days.

Read More »Non-competes and me

IT jobs shortage? Slide over to security

IT jobs are getting scarce again, and I believe it. I don’t have a cure but I have a suggestion: Specialize. Specifically, specialize in security.

Why? Turnover. Turnover in my department is rampant, because other companies offer my coworkers more money, a promotion, or something tangible to come work for them. I asked our CISO point blank if he’s worried. He said unemployment in security is 0.6 percent, so this is normal. What we have to do is develop security people, because there aren’t enough of them.

I made that transition, largely by accident, so I’ll offer some advice.Read More »IT jobs shortage? Slide over to security

Don’t run unknown executables for a dollar. And PLEASE don’t for a penny!

I can’t bribe my preschooler with a penny anymore, but, sadly, a consortium of Carnegie Mellon University, NIST and Penn State University found that 22% of respondents through Amazon’s Mechanical Turk were willing to run a dodgy unknown executable in return for a penny. Fifty-eight percent would do it for 50 cents, and 64 percent would do it for a dollar.

I’ve been telling people for 17 years not to take executable files from strangers. I know the percentage of people who will bend down to pick up a penny off the ground when they see one is less than 22%, so this saddens me. Read More »Don’t run unknown executables for a dollar. And PLEASE don’t for a penny!

Young people aren’t interested in information security? I think it depends on your definitions.

I saw an assertion on Slashdot today that Millennials aren’t interested in information security, in spite of the average salary in the field being six figures. I’m not sure I agree with the article’s assertion that 24% of those polled being interested translates into disinterest, though. How many of them are interested in other white-collar professions, like medicine or accounting or law?

I also disagree with the article’s definition of information security. The article asserts that information security is working for “The Man,” namely, the government, and information security isn’t just for governments anymore. Read More »Young people aren’t interested in information security? I think it depends on your definitions.

Another benefit of not having debt

I’ve written about how not having debt gives you power, though I can’t find the particular post at the moment. But I remember when I got my first mortgage. I went to a party, and my boss was there, along with my five other bosses, and the big boss got this look in his eye when I said I’d bought a house. That look in his eye said one thing: I own you, and I can do whatever I want to you.

And he did. From that day forward, all of the assignments nobody else wanted fell on me. Anything that was destined to fail went to me. And the cycle followed me from job to job, then stopped, like turning out a light, the day after my wife and I paid off our mortgage. It was the closest thing to magic I’ve ever seen. One day, I was the guy who got assignments at 3 PM on a Friday that were going to take me 8 hours to get done–and they had to be done by 8 AM on Monday, and one day, I wasn’t that guy anymore.

I tested it again this month. I turned down a job that offered me a $7,000 pay cut. Nothing unusual about that, right? Not in this case. In this case, rejecting that pay cut meant I didn’t have a job anymore.Read More »Another benefit of not having debt