Woodsy Owl 2016 – Don’t Pollute Software!

It’s been 6 years since David Rice’s presentation and 4 years since my related blog post.  I can safely assume it had some impact on me.  I’m not sure if pollution or health care is the better metaphor for security, but clearly national action is needed.  It’s interesting to me that society could muster the interest and investment to improve national sentiment around pollution.  Software security is no less of a challenge.  I’m confident such an effort will develop around software security someday.  There’s no way society can continue the present course of increasing size and scope of national security incidents while continuing to shrug them off.  Someday the level of pain, suffering, and public outcry will force action.


Funniest Security/Privacy Tweet of 2016


Soghoian is referring to a piece of tape FBI Director Comey places over his laptop camera.  The subtle message for the public is that electronic privacy is for the privileged elite.


CISO Meme

Photo 1

I see a lot of companies without top security leadership representation, CISOs.  Check out a few company leadership pages sometime.  The point is that with no application security expert in the boardroom, don’t expect security concerns to be raised until your next public security incident.  Keep in mind the job of the CISO is not to be the scapegoat for your next public security incident; we are way past that now.  It’s to identify and reduce business risks/injury posed by technology products/services to acceptable levels.  Two points: 1) you need a CISO, 2) hire a knowledgeable CISO if you like your executive job or board position.

A couple of cases that could have been avoided or gone much better with a knowledgeable CISO…
FTC.gov:  The Matter of LabMD, Inc.
Forbes.com:  Target CEO Fired – Can You Be Fired If Your Company Is Hacked?

*Photo from Transformers film, 2007
