Posted in Business, Security Architecture on Jan 5th, 2019
What did my friend actually mean by "bolted on"? For sure he means a security solution that might or might not be well integrated into the operating system, and even if that is a big issue in itself, the real challenge was that the user interfaces sometimes mandated some serious training to be able to […]
It is somewhere between late night and early morning. Family has stopped celebrating, the bottles of champagne are empty and everyone is sleeping. Only the security architect is awake. During the festivities I had a long discussion with a friend of mine about the futility of cybersecurity. How hopeless it is to try to stay […]
Posted in Business, Security Architecture on Dec 23rd, 2018
A customer of mine has asked me to devise a security strategy for them. This will be an interesting task. The background to this assignment was that I was doing a presentation on cost-effective security management using MITRE ATT&CK as an example to prioritise your actions. After the presentation their CISO came up to […]
One of my core skills is conducting risk analysis, to be more precise, I tell my customer to quit fiddling with esoteric attacks and focus on the real challenges, like good passwords, MFA and credential hygiene. One common question I get is: Who would like to attack us? We have no money reserves like a […]
Posted in Business, Security Architecture on Jul 5th, 2018
As you know if you work in the field of credential theft, Tier 0 is the most important thing to protect. With Tier 0 access I pwn a company, to use a security term. The implications from a contractual perspective are seldom considered when a company decides to outsource Tier 0, i.e. their Domain Controllers […]
Posted in Business, Security Architecture on Oct 5th, 2017
Here in Sweden GDPR is one of the hottest topics within security. There is a lot of confusion regarding what needs to be done and what different parties need to do. First of all, GDPR is a law. Any lawyers out there would probably want to correct me as it's an EU thing, but […]
Posted in Business on Sep 1st, 2017
And ransomware has been weaponised. If you remember my post a few months back regarding the future of ransomware, we now see the emerging Wiperware, malware whose sole target is to create mass destruction rather than take files for ransom. The article mentions Maersk's loss of more than $200 million to NotPetya and that ransomware […]
Posted in Business on Aug 7th, 2017
Today I start my first day at Microsoft! Wish me luck!
Posted in Business, Methodology on Jul 30th, 2017
I don't know how many of you spend your time reading about security issues during your vacation, but you have probably heard about the struggles at the Swedish Transport Agency. There are quite a few things not right in the current rounds of the news but that will be sorted eventually. All in all, […]
Posted in Business on Jun 6th, 2017
Cybersecurity has been a thing for quite some time now, but the real change here in the Nordics came this year with a lot of ransomware attacks, with WannaCry as the current leader of the pack, closely followed by GDPR, which is every security consultant's wet dream. Almost every company has put cybersecurity on the […]