Year: 2015

#FAIL No More: The Rise of the Self Defending Enterprise

I love hashtags, because I love twitter. So it was inevitable that hashtags would become a major part of one of my talks at some point. And as I get ready for another round at Defrag (one of the highlights of my year every year), I realized I never posted about the talk I gave

The Real Lessons from the LastPass Breach

Didn’t think I’d be writing back-to-back posts regarding breaches, but that’s the world we live in now. And the LastPass breach is interesting on many levels. In warning users of the breach, LastPass disclosed that their investigation into the breach showed “that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were

Quick Thoughts regarding the Kaspersky Labs Intrusion

Kaspersky Labs has revealed this week that their corporate network was subject to a sophisticated cyber-intrusion that leveraged a new malware platform. Their investigation is ongoing, and they have found the malware to have been used against other victims as well. So while I am sure there are more details that they will reveal, I did

Building the Self Defending Enterprise

Algorithms. Algorithms. Algorithms. If Steve Ballmer were still running the show at Microsoft, I’m pretty sure that would have been his chant at the next conference. The abundance of data being generated, collected and analyzed now is so vast that it has been a completely logical progression to move away from human analysis to algorithmic

2FA in Password Managers: Fair or Faux

It all started with a tweet I sent regarding the position on passwords and password managers that a member of Microsoft Research was taking in an NPR article (I’ll expand on my viewpoint in a later blog post). But one of the resulting responses I received sent me down a very interesting rabbit hole. Faux 2FA? Of course I