It is somewhere between late night and early morning. Family has stopped celebrating, the bottles of champagne are empty and everyone is sleeping. Only the security architect is awake. During the festivities I had a long discussion with a friend of mine about the futility of cybersecurity. How hopeless it is to try to stay […]
In the aftermath of the pentester's failed attempt to get hold of Active Directory we started to discuss the long lead time of getting a pentester onsite. Sure, it's mainly a question of resources and money but there is an underlying challenge seldom thought of. Today security functions are not static or passive. They have […]
IAM is a very strong tool to get in control of your accounts. With an IAM system for all standard users you will quickly protect all standard access and manage all access control. On top of that comes the protection of your privileged accounts and that means more advanced solutions like PAW or ESAE. In […]
Posted in Business, Methodology on Jul 30th, 2017
I don't know how many of you spend your time reading about security issues during your vacation, but you have probably heard about the struggles at the Swedish Transport Agency. There are quite a few things not right in the current rounds of the news but that will be sorted eventually. All in all, […]
Posted in Business, Methodology on Oct 5th, 2016
None of you raises an eyebrow when I say that I work at Sogeti and, like all other consulting firms, together with my clients we struggle with finding the right people. Finding junior staff is rather easy, keeping them a bit more challenging, as it should be. But the senior people, like me, are harder […]
Posted in Methodology on Aug 18th, 2016
Have you ever heard of immediate security? A colleague asked me for my views on it since he heard it at a webinar and that it would be impossible to reach. My simple answer is that rather the opposite is impossible. Impossible as in produces less security. Every single second I need to know if […]
Vacations are supposed to be a time for contemplation and relaxation but apparently there is no rest for the wicked. I have been stuck with a few contracts regarding security SLAs where I would like to share my thoughts with you all. Security SLA is always a challenge, how do you measure that you are […]
Posted in Methodology on Jun 25th, 2016
I think that no one has missed that we celebrated Midsummer in Sweden, one of our famous public holidays where we mimic frogs and drink a lot of booze. Even if it's a public holiday in Sweden, the rest of the world, especially the criminals, still keep pondering at our doors trying to find a […]
Posted in Compliance, Methodology on May 14th, 2016
I know that a bunch of you have started to look at the new data protection directive. If you have spent some time with it, you probably have read that if you encrypt your data properly you don't need to inform your customers of a data breach. This is of course good news for encryption […]
Posted in Methodology, Technology on Mar 4th, 2016
I have to say that I really hate ransomware. It's just like the old times when a henchman placed himself outside your store and blocked your customers from coming in but without the satisfaction of beating him with a bat to make him go away. A client of mine was targeted with a ransomware and […]