Avoiding Phantom Risk – Chasing Exploitability, Not Vulnerability
The gravest warning a pen test report could contain are the words “The host may be vulnerable to remote code execution”. It is hard to know what that immediately means. Did they get system access on a...
View ArticleTHE LAST WORD IN ENCRYPTION 101
One of the oldest ciphers is known as the Caesar cipher. The way it works is to assign a number to every letter in the alphabet. In other words, this method assigns the numbers 1 through 26 to the...
View ArticleZero-Knowledge Proofs, D-Day, and the Promise of Trustable Software
An old proverb tells us, “You know nothing until another knows you know it.” Sometimes, though, you don’t want that someone to know sensitive details - just the “fact of.” For example, take April 1942....
View ArticleDevOps Automated Governance
In the Spring of 2019, several organizations worked together to create a forum paper called DevOps Automated Governance.[1] The paper intended to create a reference architecture around Governance,...
View ArticleClik here to view.
Radio Frequency Operations and Training From a Virtually Different Point of View
Radio Frequency (RF) security, sometimes called wireless security, is much more than just WiFi. Over the past few years, there has been rapid growth in WiFi training courses, but very few that...
View ArticleHuman Security Engineering: A New Model for Addressing the “User Problem”
Despite best efforts, the cybersecurity professional has yet to be able to adequately handle what people refer to as “The User Problem”. A user will inevitably click on a phishing link. A user will...
View ArticleSafety Or Simplicity? The Costs Of Convenience In Our Connected Life
Modern technology advancements are placing consumers into uncharted territory, granting limitless access to the internet and its benefits in varied and unique ways. From Smart Homes that automate key...
View ArticleAddressing Malicious Websites Through Human Security Engineering
In the Spring 2021 issue of the United States Cybersecurity Magazine, “Human Security Engineering: A New Model for Addressing the “User Problem” I highlighted the strategy of Human Security Engineering...
View ArticleQKD versus PQC: A Quantum Showdown? Part 1
The need for communications confidentiality has existed since humans developed language. Accounts of the Greco-Persian wars in fifth century B.C. described steganography, (hiding the existence of a...
View ArticleQKD versus PQC: A Quantum Showdown? Part 2
This is part two of a two-part article on secure key distribution in a post-quantum world. Part one focused on Quantum Key Distribution (QKD) as a method to securely distribute encryption keys. This...
View Article