Published in Security on HTTPS is as important today as it has ever been. If you are transferring sensitive data you should use HTTPS to encrypt data in transit; that is not up for debate. Understand though that it is but one piece of a larger security conversation, and that’s where the message falls flat on its face.
Published in Security on The concept of Defense in Depth is not new. It’s been leveraged in the InfoSec domain for a long time, and has its roots deeply embedded in military strategy and tactics. That however doesn’t mean that even those in the InfoSec domain explain or implement it correctly.
Published in Security on This morning I had the privilege of speaking at the Higher Education Web Professionals Association (HighEdWeb) annual conference. I took the opportunity to share a number of points around the website security threats as they pertain to the education industry, our observations on the trends at Sucuri and more importantly our thoughts on how to think about website security.
Published in Security on It’s impossible to go a week without seeing some reference to a data breach, whether it’s a write-up on what happened years ago, or updates on breaches that are still happening.
Published in Security on Over the past couple of years we’ve been reminded time and time again of how susceptible our communication mediums are to prying eyes.
Published in Security on Ever since Google made their announcement that they were exploring the idea of using HTTPS as a Ranking Signal for your SEO, the web has gone nuts for HTTPS. For a number of security professionals it’s generated groans and a heightened level of annoyance and consternation at what has become an overabundance of irrational thought, perspective and improper guidance and insight.
Published in Business on I think there is an elegance to being removed from opinion or bias. Too often we tend to shake our heads at the other and think, They just don’t know… This clouds our way of thinking, and in some instances blocks our ability to think beyond our norms. I ask myself every day, with every decision, what is driving this decision?
Security is in a constantly evolving state and keeping up with the various changes can be hard. As my journey in the security industry continues, I will share thoughts and opinions based on my experiences. I’ll focus mostly on website security, sprinkled with general security concepts – all tailored to the everyday user.
It’s only been recently that I have come to the realization that I fit into the blogger category. In doing so, I have started to place more emphasis on the technologies I’m employing to get my work done. For the better part of 5 years I have been an adamant WordPress user.
To think I was not going to attend the event. It was already later in the year, November, and besides, as my beloved friend Chris Lema pointed out, I had been rejected to speak. Forgive @perezbox and his tweets. He got a rejection letter from #wooconf without even applying to speak.
Decided to update my email subscription feature and in the process set out to find a more effective solution. I had been rocking the Jetpack plugin and using their subscription module, but it left a lot to be desired. Mainly the lack of control, or apparent lack of control, over my own data (my emails).