January 25, 2011
November 15, 2010
Pen Testing Versus Vulnerability Assessments
At the end of the first day of plenary sessions at OWASP App Sec DC 2010, there was a session...
Read MoreNovember 12, 2010
OWASP App Sec DC 2010 General Recap
The OWASP App Sec 2010 conference ended today. The format and content of some of the talks made for a...
Read MoreNovember 5, 2010
OWASP AppSec DC 2010 is Upon Us!!
This is a short reminder to everyone out there that OWASP’s annual conference in Washington, DC is next week. There...
Read MoreOctober 11, 2010
Current State of FISMA Part 3: What Is the Target?
September 28, 2010
A Follow-up on Quantitative Risk Analysis
The other day Terry wrote a piece on risk assessment, and focused primarily on quantitative assessment. It brought to mind...
Read MoreSeptember 25, 2010
A Requirement By Any Other Name….
Since we’ve covered FISMA and NIST recently, I thought it would be a good time to discuss policies, standards, guidelines,...
Read MoreSeptember 16, 2010
The Value of Quantitative Risk Analysis
Greetings blog followers and welcome to my inaugural blog post. I have recently joined the MindPoint Group family and look...
Read MoreSeptember 10, 2010
The Current State of FISMA Part 2: The Chasm Between Compliance and . . Everyone Else
September 3, 2010
Current State of FISMA Part 1: FISMA-bashing
When it comes to FISMA we have seen two things: Over the last 8 years the federal government has...
Read MoreAugust 25, 2010
Gmail Account Hacks
It seems that sometime within the last 12 hours there has been a widespread attack against Gmail. I first noticed...
Read MoreJuly 19, 2010
Current State of FISMA Series
Not that FISMA was ever not a hot topic for security professionals in and around the Federal government, but lately...
Read MoreJuly 19, 2010
Off Topic Rant About Office Suites
February 23, 2010
Reputation Filtering and Old Nightmares
So, I saw this update over at the SANS Internet Storm Center, and it pushed a button. Well, I should...
Read MoreFebruary 19, 2010
Search Poisoning and Security Awareness Training
I was talking to my brother just now about recent search poisoning that was occurring related to the story about...
Read MoreFebruary 12, 2010
TPM Chip Hacked
Darkreading and a few other sites have posted this story about a security researcher named Chris Tarnovsky who has been...
Read More