The Art of Machine Learning: A Hands-On Guide to Machine Learning with R

The Art of Machine Learning: A Hands-On Guide to Machine Learning with Rby Norman Matloff (Author) I have a strong opinion about this book, and obviously it did not meet my expectations. I am just going to highlights several key areas where I believe the book falls short, including the lack of relevant information, disorganized… Continue reading The Art of Machine Learning: A Hands-On Guide to Machine Learning with R

Who do you think is going to be the winner, the hacker or the security practitioner?

Who do you think is going to be the winner, the hacker or the security practitioner? This question is in the same ballpark as: Do we need more cybersecurity professionals who are getting more and more certifications? Then why are we just getting weaker compared to the hacker’s community? For example, is the ability to… Continue reading Who do you think is going to be the winner, the hacker or the security practitioner?

Who is the biggest spammer?

Who is truly the biggest spammer: the bad actors or those who don’t appear to be bad actors?

It is certainly nothing new that those labeling their spamming activity as ‘email marketing’ have no idea what real email marketing looks like, but that is not the point of this short article. I have been closely observing that so-called ‘security companies’ are generating most of the junk email traffic. It is ironic that companies… Continue reading Who is the biggest spammer?

Doctoring Data: How to sort out medical advice from medical nonsense

That’s the name of a book: *Doctoring Data* by Dr. Malcolm Kendrick. It teaches you how to spot misleading medical claims and understand the tricks used in health research and media. But you could easily generalize it to all kinds of data. The mindset is there — the idea — and you can definitely see… Continue reading Doctoring Data: How to sort out medical advice from medical nonsense

How to choose a vendor in context of infosec goods and services

a new label doesn’t create a new capability.” know what you actually need most people start with vendors before they start with themselves. that is the first mistake. if you don’t know what problem you are solving, every vendor suddenly looks “perfect”. it’s like walking into a hardware store without knowing if you need a… Continue reading How to choose a vendor in context of infosec goods and services

I am not the technical person but I must sell you something I have no clue about!

well, I actually changed the second part sarcastically, this is the original version: I am not the technical person but I really must sell you something today, can I connect you to another person in my company, an engineer perhaps? you know, we have a very great product but I am just lacking understanding what… Continue reading I am not the technical person but I must sell you something I have no clue about!

Security solution which acts like traditional painkiller

most security solutions are like traditional painkillers, we certainly feel better after talking them, but the root cause of pain remains intact and unresolved! as long as we do not address root cause of security incidents and vulnerabilities, we will be feeling better from short-term pain relief of “Security Solutions” and then suffering again soon… Continue reading Security solution which acts like traditional painkiller

utilizing dark web as defense

I was shocked when I heard from a “security professional” that using dark web as means understanding cyber threats has been Just Recently been discovered by them as an effective defense mechanism! no kidding! then why we are surprised we get hacked by the most trivial TTP out there? this is very disappointing that “security… Continue reading utilizing dark web as defense

endpoint protection won’t work!

any solution 100% focused on endpoint protection would not actually protect you from cyber threats. best case scenario, you will discover IoC (not even necessary IoA) after the fact, after a system has actually been compromised. the easiest way to confirm this is what is happening everyday in companies with sophisticated but pure endpoint detection… Continue reading endpoint protection won’t work!