one of the main reasons Security community has hard time securing “stuff”, is lack of understanding of Hackers community. without knowing motives, the motivations behind breaking into computer systems, and deep knowledge of hacking and cracking techniques, securing a system is pointless. results are telling us every single day that we are not doing the… Continue reading you won’t get there without knowing the truth!
It is very late for international community to act on fighting against Ransomware and Cyber-crime in general but still anything better than nothing. EU and US coordination on fighting ransomware reminds me of NATO foundation back in 1949. perhaps countries could have considered cyber crime a “global issue” sooner and act faster against organized international… Continue reading Virtual NATO
it does but only if it is originated from a intelligent programmer. AI is as smart as the people who did its modeling. an artificial intelligence cannot be more intelligent than its origination. presuming AI will be helping us securing cyberspace is like presuming we will have a accurate Accounting system or flawless GL just… Continue reading Does AI help us in security operations?
Relying on DAST/SAST is like investing in a restaurant where chef needs to be reminded of how to safely handle knife. no surprise that software developers have been dragging computer end-users to current situation when software products are no longer reliable, or they are packed with vulnerabilities. I have mentioned before that I believe the… Continue reading Relying on SAST/DAST
it has been relatively a long time since threat intelligence sources started to integrate what they call as “dark web” into their system of data/intelligence gathering, prioritization and delivery as a service to threat hunters. nothing really wrong with that, it is actually a reasonable and even crucial part of any threat hunting system, but… Continue reading is Dark Web really dark?
information security management is almost similar to every other thing that is Subject to Management, or requires management, and I am not going to explain why we need a management function in a system to make sure system is running and functioning as expected, at least not in this article. by similarity, I mean there… Continue reading what is information security management?
There is a difference between knowing the path and walking the path, right? just because I have something, does not mean I know something, or I do something. just because there are technologies, software or tools for a thing, let’s say GDPR compliance metrics, patch management, ITIL platforms, vulnerability scanning, application security testing…and so on,… Continue reading having something vs doing something
it is really funny when they call it one of the most sophisticated hacks in history and stuff like that, because it is actually one the most stupid hacks of all the times. nothing is really surprising about Solarigate or whatever they call it to me except how those companies that forever they have been… Continue reading are you surprised by SolarWinds hack?
Solarigate, Sunbusrt, UNC2452 or whatever they call it, how even fireEye, SolarWinds, Crowdstrike and many other involved are able to sell and survive after this disaster, and how security community is able to trust them again? it is interesting that how these top security companies with lots of managed service and bunch of products in… Continue reading SolarWinds hack: what just happened?
no doubt that users are the main problem in the whole concept of cyber defense, as we call it weakest link. Now, Awareness and Training as security community typically has been doing is neither effective nor actually deliverable. Imagine we would want to continue law enforcement and public awareness by means of “Most Wanted” posted… Continue reading human firewall