Twitter
Starting the week with lovely news, of another dear colleague's well-deserved promotion. She's in an exclusive club…
from twitter_favs
2 days ago
Twitter
Feels like something is in the air today - we're going to change things! 700 people from across the world descendin…
from twitter_favs
2 days ago
Twitter
The secret project , and I have been working on is live in the app store now. It's neither le…
from twitter_favs
3 days ago
Twitter
I see my newsletter started a thought again 😃
Generally good. I’d argue that the ability to reactivel…
from twitter
4 days ago
Twitter
Have you seen any of the Hdac Technology adverts that they’ve paid $$$ to play during the Worl…
from twitter_favs
4 days ago
Twitter
The email notification woke me up so I read it before getting out of bed. Your newsletter had a real…
from twitter_favs
4 days ago
Twitter
Also, I guessed that with DH away you wouldn’t get a lie in and a chance to read it the same way today.
I…
from twitter
4 days ago
Twitter
I just clicked send on my newsletter and naturally immediately noticed a spelling mistake in the title seconds afte…
from twitter
4 days ago
Twitter
I've sent out the 8th CyberWeekly newsletter, filled with interesting links from around the web and some comments f…
from twitter
4 days ago
Twitter
There are two types of interim staff:
1. Those hired for short term projects because staff can’t manage it.…
from twitter
5 days ago
Twitter
I see a huge correlation between "we have too many meetings" and people with open laptops doing work during meeting…
from twitter_favs
5 days ago
Twitter
In 1951, Bertrand Russell took to the to argue that the best answer to fanaticism was a calm search for tru…
from twitter_favs
5 days ago
Twitter
OH "I would argue certificate transparency isn’t actually a bl*ckchain, it’s just similar. One of the key different…
from twitter_favs
6 days ago
Twitter
Oh dear. I made the mistake of reading the comments made by twitter people under the quoted tweet.
That bi…
from twitter
6 days ago
Twitter
Aside from the vg "sack Dr Burnout then!" joke, look how this article draws out the systemic causes of physician bu…
from twitter_favs
6 days ago
Twitter
Yeah. Weirdly I suspect that you’ll find a lot more evidence of open sourced libraries from…
from twitter
8 days ago
SELinux Wiki
Selinux comes to mind. It was an NSA project based on the Flask work and grew out…
from twitter
8 days ago
Twitter
Selinux comes to mind. It was an NSA project based on the Flask work and grew out…
from twitter
8 days ago
Blockchain Gets Applied to Cybersecurity | Automation World
"For example, if a hacked node was trying to inject a false password and new user, then the blockchain will operate to reject that and self-heal." But then how would the system know when a node was changing the password correctly? Blockchains aren't magic!
cyberweakly 
8 days ago
Doing digital government in Canada is difficult and that’s the appeal
. is my hero: “Doing digital government in Canada is difficult and that’s the appeal”
from twitter_favs
9 days ago
Twitter
Sure: Agile Application Security: Enabling Security in a Continuous Delivery Pipeline…
from twitter
9 days ago
Twitter
I’m also not convinced it’s valuable. You’d need to narrow down that criteria quite a lot to not just be…
from twitter
9 days ago
Twitter
All right, as promised:

How I saved a non-profit six figures a year by replacing their web infrastructure with…
from twitter_favs
10 days ago
Twitter
Why I love physical boards... "A physical board will seem “SO INEFFICIENT”, but it is this inefficiency that trigge…
from twitter_favs
10 days ago
Twitter
Listen to this, motherfuckers. This is why shadow IT happens. It’s almost never someone doing something actually ba…
from twitter_favs
11 days ago
DNC pushes employees, campaigns to embrace email security habits ahead of midterms
“The overall goal is improve the baseline security practices of a wide group of users that includes in-house staffers, candidates and volunteers spread across the country. “Nearly 80 percent of our users are now either not clicking or at least asking questions about it beforehand,” Krikorian explained. “Being realistic we’ll probably never get to 100 percent compliance but we’re working on it … it’s important that people flag something, anything that seems suspicious … A lot of that happens through Signal to Bob [Lord] or to our help desk, so that we’re informed.”” Note that this is conducting internal phishing campaigns not to blame staff or identify who has clicked links, but to get an understanding of how effective your advice has been. The checklist is a wonderful piece of actionable security advice as well.
newsletter  advice 
11 days ago
Twitter
an example of how far we need to go before blockchain becomes relevant
from twitter_favs
12 days ago
Opinion | To Hackers, We’re Bambi in the Woods - The New York Times
“It was basically hand-to-hand combat in a network,” I practice my cyber-jujitsu every day just for situations like this 🤦‍♂️
cyberweakly 
13 days ago
Twitter
Her boyfriend? His best mate? Their dad!!!!
from twitter
13 days ago
Twitter
X : I'm on the programme committee for a serverless conference.
Me : What? But you do Kubernetes, containers, OpenS…
from twitter_favs
13 days ago
Twitter
I wrote this 4 years ago before it got hyped out of all proportion. I can still see distributed might…
from twitter_favs
13 days ago
Twitter
1) Security is really only ever an indirect priority (both consumer & enterprise)

2) Security only works if it’s u…
from twitter_favs
14 days ago
Twitter
Cryptocurrency don't actually seem to be working that well as currencies. Huge amount of spec…
from twitter_favs
14 days ago
Twitter
So separating things into ICOs, Cryptocurrency and blockchain. ICO's lots of scams, an equal…
from twitter_favs
14 days ago
Twitter
Seems to me that most of the people who are getting excited about it didn't know that you could digit…
from twitter_favs
14 days ago
Twitter
I think it is still largely a (partial) solution in search of a problem. The current proof-of-work ap…
from twitter_favs
14 days ago
Twitter
My issue with this take (which I totally agree with) is that it outlines that the problems sti…
from twitter
14 days ago
Twitter
I think the hype machine is crashing into the actually-hard problems now, like how you establish trus…
from twitter_favs
14 days ago
Twitter
Because it allows for a network where computation is both supplied and consumed by parti…
from twitter_favs
14 days ago
Tory MP says UK needs a chief blockchain officer | City A.M.
“Hughes makes a series of recommendations in his report 'Unlocking Blockchain' issued today including the appointment of a public-facing chief blockchain officer to coordinate the UK’s strategy on applying blockchain technology to public services and data.” This worries me immensely. This is seeking to force a solution on government departments without a clear idea of what problem it solves. Very tail wagging the dog
newsletter  blockchain 
14 days ago
Twitter
No

Any blockchain technology based on proof of work is actively evil, it destroys more value than it…
from twitter_favs
14 days ago
Twitter
I’m curious. Most of my followers seem pretty sensible.
Do any of you have anything good to say about Blockchain f…
from twitter
14 days ago
Twitter
RT : Exciting new roles available : engagement manager and technical writer. Come help us grow a security team…
from twitter
14 days ago
Use the tools that you need to do good work - Canadian Digital Service
“We’ve chosen to optimize for where our developers spend most of their time.” This is the crux of one of the issues that security people often don’t understand. Users want good solutions that are close to them. When security offers solutions that are “more secure” but further away from the users, it falls back into the old false dichotomy of user experience is a trade off against security.
newsletter  developers 
14 days ago
Twitter
“Users insecure behavior is among top 3 pain points for companies”. Sure and if we banned the users from…
from twitter_favs
14 days ago
Twitter
Generally an "adapt to all the things" API appeals only to non-technical managers + programmers who haven't seen ho…
from twitter_favs
15 days ago
Twitter
Would be interested in this. Also while containers are touted as a useful commonality, t…
from twitter_favs
15 days ago
Twitter
Very few reasons for going multi cloud justify the drop in capability to lowest common denominator, e…
from twitter_favs
15 days ago
Twitter
Even still, a huge number of abstractions are very leaky. IaaS is conceptually the same and…
from twitter
15 days ago
Twitter
I should write a blog post, because things like terraform, immutable infrastructure and cloud abstract…
from twitter
15 days ago
Twitter
It kind of depends on your definitions. So using say AWS S3 buckets with Azure IaaS might be worth it,…
from twitter
15 days ago
Twitter
Building a multi cloud strategy generally gives you lowest common denominator between the cloud provid…
from twitter
15 days ago
Twitter
Just say no. Cloud agnostic is only worth it when the scale is so significantly large that the cost of…
from twitter
15 days ago
Twitter
As I remember, it was you who worked out what was going on. I wouldn't be so bitter, if python's adhe…
from twitter_favs
15 days ago
NHS data breach affects 150,000 patients in England - BBC News
“The NHS is blaming a coding error for 150,000 patients in England being involved in a data breach.” and here was us thinking it was working as expected
cyberweakly 
15 days ago
Twitter
I remember that, and yeah.
It's a totally obvious feature by language specification and utterly…
from twitter
15 days ago
Twitter
My most painful launch was also exacerbated by python default arguments and I've never quite…
from twitter_favs
15 days ago
Twitter
I like your two docs approach. But I think it needs practice. Drills (on lively playboo…
from twitter_favs
15 days ago
Twitter
Have a folder on a shared drive called “for auditors” and dump those documents in there?…
from twitter
15 days ago
Twitter
If you had those two guides, I’d argue you do have a communicated and documented policy.…
from twitter
15 days ago
Twitter
This kind of stuff annoys me. I get that it sort of raises awareness, but it is meaningless. Is a phishing email a…
from twitter_favs
15 days ago
Twitter
This is great writing. Excellent points made by Dave and lots to consider.
from twitter
15 days ago
Twitter
I.e.
user guides, for end users, embedding security advice into the user guidance rather than separate.…
from twitter
16 days ago
Twitter
I’m increasingly thinking that “what is the user need for this policy” leads you to creating 2 types of…
from twitter
16 days ago
Twitter
Updating some policies recently and I made the mistake of asking “who is the intended audience? Who is s…
from twitter
16 days ago
Twitter
RT : If I had to pick one story had summed up my early career in Silicon Valley, it would have to be the ill-fated launc…
from twitter
16 days ago
Twitter
DevSecOps

Me: Security was always part of the movement.

Also me: if that word brings more people into the movem…
from twitter_favs
16 days ago
Twitter
DH and I resolved something this morning by TALKING TO ONE ANOTHER. It turns out that the thing he does that vaguel…
from twitter_favs
16 days ago
Twitter
“and the innocent act of opening an attached resume could lead to a malicious file crippling the company’s entire i…
from twitter_favs
16 days ago
Cyber security – why you’re doing it all wrong
“If we are honest with ourselves and maybe engaged with our customer base, we would also learn that hardly anyone actually reads the policies, which are generally far too long and in the wrong tone – and even fewer people actually understand them.” Everything about this essay is right. Security is often a complete disaster with failure to recognise what is the reality. We need to take a hard look at what we achieve and determine whether any of our security controls that we take all of our time maintaining is actually worth spending that time.
newsletter  rant 
16 days ago
Cybersecurity in the Workplace: Transforming Employee Error into...
“and the innocent act of opening an attached resume could lead to a malicious file crippling the company’s entire infrastructure”. Opening files is their damn job! Their IT shouldn’t be easy to compromise with a word document
cyberweakly 
16 days ago