I am a massive fan of Jennifer Leggio, who has been in the security industry for 17 years as a marketer, advisor, and writer. Her focus is on security culture, including disclosure, community issues, equality in security, disruptive trends, and even marketing best practices, all subjects very close to my own heart. In a recent write-up she summarises the key points from her Hack in the Box (HITB) Amsterdam keynote from a few weeks ago and covers some of the marketing fails in information security, including logos and branded vulnerabilities.
What are these, you may ask? Basically, there are people who work towards reducing harm and people who contribute to harmful outcomes, and the latter tend to create the confusion, fear, uncertainty, and doubt that distracts or disrupts a security practitioner's ability to do his or her job.
Some key points that stand out for me (again, Jennifer, this is great stuff):
- Speak with your management about creating an ethics or standards board.
- Make clear that the end state you want is more truth and better security.
- Share that you are willing to serve on a committee to provide guidelines.
- Company doesn't have a coordinated disclosure policy? Build one.
- Require credit for your work.
- Call out marketers, but focus on sharing how to do better vs. focusing just on what sucks.
It needs to be an inclusive and interactive dialogue between technical and non-technical folks, with next steps and outcomes. If we build it, will you come?
And with this in mind, enjoy our roundup of stories for this week…
Where Do Cybersecurity Professionals Come From?
When a Mommy cybersecurity professional and a Daddy cybersecurity professional love each other very much they hug each other in a special way to help each other make little cybersecurity professionals.
If only it were so easy! If it were, we wouldn't be looking at nearly 2.2 million unfilled cybersecurity jobs on the horizon.
We wouldn't have millions of kids struggling with online and social media addictions at one end of the spectrum and kids with no access to the Internet at the other. So while the straight answer is that we make them, the less straight answer is: how?
Where Do Cybersecurity Professionals Come From? | Pete Herzog
Security by Design: The Network
Security by design is about designing secure environments with clear goals underpinned by real-world constraints. Realistic assumptions and constraints about the business, the personnel and staffing complement and their abilities, the IT environment, and the wider ecosystem are all critical inputs to the security by design process.
I really enjoyed this detailed take on the logic behind this widely misunderstood concept.
Secure by Design: The Network | Devon Taylor
The Best and Funniest Security Memes
AlienVault recently ran a contest on Twitter to collect the best InfoSec memes from the community, and I had to chuckle at some of the entries in the compendium blog of these funny, and often educational, security memes. Since Kate Brew's blog on IT jokes from 2015 was so well received, maybe this meme thing will catch on too!
The Best and Funniest Security Memes | Kate Brew