Internet of Things insecurity is our fault

Normally I don’t comment on products'/industries' security because I believe that the market is the best arbiter and I’ve just got other stuff to worry about, but IoT is different. IoT devices are products of high interest to regular non-techy people, who have no clue about the security aspects of the shiny WiFi-managed light bulb they just bought …

Hiring your first security professional

I really enjoy attending security/business conferences. But it’s not that I’m going there to learn how to do security, because if that were the case then I’d go to DEFCON or Derbycon and learn from the top hackers on the planet. I go to business conferences because I want to listen to the problems others …

BugBounties changed InfoSec world for better

Graphic from tripwire.com. Just four years ago, before that Bug Bounty madness started off for real, many companies had a pathetic security posture. Okay, let’s be real here, most organizations, because "many" isn’t emphasizing it enough. In just 4 years the rise in security awareness and the general improvements in organisations' security posture are really prominent. I’ll show you …

Software complexity as an enemy of security

Graphic from pautasso.info. These days it’s unlikely for a company not to use 3rd-party online products. Each day we rely heavily on messaging apps, online data storage, team collaboration tools like issue tracking systems and many other apps. This is fine, we need all these to boost our productivity, but in my experience it …