Social Engineering Abounds

I've been ranting for years that we need more exposure about the threat that is Social Engineering. As time goes on, we move more toward a model where the human is the prime exploit target. I just found out that some other people are thinking the same way. Today launches…

Greed as a prime motivator

I found this article the other day about the teen in Great Britain who managed to completely dupe a bunch of airline executives into believing that he was a millionaire who was looking to buy into their company and expand it. The key to the attack is that greed was…

Constraints and The Bandwidth Problem

I got in a conversation last week about the upcoming bandwidth crisis in the core. I've managed to forget about those issues more and more over the past few months. I’ve spent a lot of time thinking about vulnerability research and social engineering lately at the expense of a…

Social Networking and Security

Lately, I've been thinking more and more about social networking. I was reading a recent article by Eric Ogren on this issue at Searchsecurity.com. The article said: "According to a recent Websense Inc. survey, the decision has already been made by the business units with 86% of IT respondents…

Obama and Hypnosis

I was on the Altered Egos radio program from Nanaimo, BC this morning, and we were talking about hypnosis, NLP and influence as it relates to political speech, advertising, etc. I mentioned an awesome paper about Obama's use of hypnotic language and patterning - the paper can be found here.…

NLP is not Science

One of the people whose work I have enjoyed of late is Gadi Evron. I find that he and I approach problems and random things very similarly (although he blogs his results far, far more frequently than I do... mine just get saved up for classes, webinars and articles). So,…

Six Sigma and App Security

From a note that Hoff tweeted, I ended up reading Jeremiah's awesome new post in which he asked the following question: "How do you achieve quick wins in Web Application Security, rooted in software, with measurable results that CIOs would appreciate?" I started a thread on Twitter with my answer,…

Modern Social Engineering

I've spent a lot of my time lately working on projects related to social engineering. Writing articles, prepping class material, and just generally having conversations and brushing up on my skills. For those that don't already know, Chris Nickerson and I are doing a full five-day class on Social Engineering…

Calling all security pros

So, the economy has changed a great deal over the past few months since Lee Kushner and I announced our survey on career management in information security. And we've had some great responses. I wanted to announce that we'll be closing the survey at the end of the month, so…

Getting Information Security Training Right

Anybody who has talked to me in the past few years knows that one of the things that I'm most passionate about is evolving one's career. Whether it's the work I do with career coaching, my talks and research with Lee Kushner on infosec careers, or just my blog posts…