Top 3 NoVA Infosec Blog Posts of the Week

So, it’s that time of the week again—the time where we spotlight the best posts by local security bloggers. This week there were some especially thought-provoking posts mixed with some humorous v-blog posts that are a must-see.

If you have any recommendations for local security bloggers that we should keep our eye on, leave a comment below or send us a tweet @grecs.

#3 – More Than 140: Opening his post with the dilemma of needing more than 140 characters to answer a question about embedded devices via Twitter, @cyberhiker decided to write a blog post about it instead. Discussing some of the drawbacks of embedded devices, @cyberhiker wrote that “[embedded] devices will never have the security controls that full blown operating systems and applications are capable of implementing.” (Sorry, Microsoft haters.) @cyberhiker then offers some helpful tips about how to test embedded devices and make them as secure as possible. If you’d like to read the full post, you can view it here.

#2 – The Cybersecurity Act in Two Parts: (Note: While @rybolov actually wrote two separate posts dealing with the Cybersecurity Act of 2009, they were a “Part 1” and “Part 2” kind of deal, so we’re counting them as one post, just FYI.) In his post(s) about the Cybersecurity Act of 2009, @rybolov talks about the nuts and bolts of the Cybersecurity Act and what kinds of changes (both good and bad) the Act will bring about. The especially nice thing about these two posts is that @rybolov lists the different sections of the Cybersecurity Act and then comments on them, giving them his own “verdict.” This is definitely an important read for anyone in the security industry, as many of these changes have the potential to alter the way we’re currently doing things. You can read “Part 1” and “Part 2” on the Guerilla CISO blog.

#1 – Back to Basics: Marcus J. Carey has been on a roll this week, taking our number one slot for his v-blog post “The Secret to Troubleshooting: Thin-slicing.” To be honest, we would have given all of our slots to Marcus this week not only because his v-blogs are hilarious, but also because a lot of what he has to say resonates with our own beliefs about security. In his post “The Secret to Troubleshooting: Thin-slicing,” he addresses one of the most important parts of security: the basics. He says in his post that knowing the basics about something can help eliminate what could become bigger issues. He also makes another great point, saying that people will often try to find complex solutions to complex problems when really, if they just did the basics well, they would prevent a lot of those complex problems. You can watch the full post here.

Bonus: While we couldn’t give Marcus every slot, we did want to highlight some of his additional v-blog posts this week, specifically his “Selling Security” and “Ham Security” posts. The “Ham Security” post is especially poignant as it shows why people shouldn’t always do things the same way simply because “that’s the way it’s always been done.” The “Selling Security” post is a good watch, especially for those of us who have to “sell” good security to our management. It’s about not assuming that management will just “give it to you”: you may need to approach them several times.

Well, that’s all for this week—as always, feel free to comment or send us a tweet @grecs.


Do you have your pass to SANSFIRE yet? If not, why not purchase it through NovaInfosecPortal? It doesn’t cost you anything extra, and it helps us keep the site going.
