Mornings With Mark

Malicious software (malware) is an umbrella term that covers a number of different types of software designed to do bad things...but those specific categories don't mean to much day-to-day when it comes to defence...

Encryption: what is it? why does it work?

Perspective is a tricky thing....maybe the hardest aspect of cybersecurity

What is a password? Why do we use them? Why are they so frustrating? ...some answers

Continuing the "basics" series, here's an easy way to understand the terms: vulnerability exploit threat risk

The basics starts with understanding the goal of security. It sounds simple but the goal is to make sure whatever you build works as you intend...and only as you intend! We also cover the types of security (physical, operational, cyber, information). Together that should help frame the rest of the series.

Back from vacation, I recap the show's structure and new channels as well as the plan around "the basics"

A friend highlighted a real issue: there isn't enough material about basic cybersecurity that's easily relatable.

Connecting with others is critical but it can also pose a risk. It's important not to "leak" information needlessly. This is a practice know as operational security. It's critically important...and often ignored.

We're creating more and more data but despite advancements in data processing, we're still lacking easy to use tools to understand what's happening around us. What can we do to fix this?

No one wins all the time. Don't seek out failure but we shouldn't be afraid of sharing our failures so that others may learn.

Security is there to ensure that the systems you build work only as intended. Part of that is realizing the potential for abuse and ensuring that the system and users can continue to work safely...there's a LOT of work to do. References; fantastic and depressing article from Everywhereist an example of one of the many issues via Werner Vogels & Abby Fuller

A lot of the issues facing our communities and sub communities today (deep fakes, encryption, privacy, DevOps, etc.) need active discussions. By their very nature, you can't really have discussions at scale...right?

Getting your first cybersecurity role can be difficult. Is part of the problem how organizations are hiring talent?

Passwords are a horrible way to verifying identities but they are the best thing we currently have that works at scale. Adding a 2nd factor to that verification significantly increases the security of the system. But how can you add that factor without sacrificing usability?

You cannot stand at "Red Alert" 24/7 but that's exactly what we do in cybersecurity...often without realizing it. What impact does that have an our approach? Our attitude? Our mental health?

Unchecked assumptions are a major risk in any field...but in cybersecurity they take on a whole new level. Not updating assumptions and mental models with automatically leads to issues down the road. And unfortunately, not nearly as far down the road as you think!

A common step when you're trying to get started in a career in cybersecurity is getting a basic certification. What comes after?

Where--physically--do you work? Does it matter? That's a critical question for both the organization and the individual. A 40-hour work week (why is it 40 again?) take bout 25% of your time. It's potentially the second biggest time commitment behind sleep. Where you work and how you work are critical to your health. We simply don't talk about it enough. Here's a few thoughts to get the conversation started...

It's all too easy to burnout in IT in general...more so in security. Why? What's the cost?