Playing the Blame Game – Part 3

You will recall from Part 1 and Part 2 that I bemoaned the flagellation of the security tools industry for failures in security and therefore the occurrence of breaches. The real question is: given there is a problem here, what should we do about it? If security tooling is not the answer, what is? Well, […]

Playing the Blame Game – Part 2

You’ll recall my observation from Part 1 that increasingly tools are being used in place of thought and rigour. It’s worth setting out what I mean by thought and rigour in the context of this issue, so briefly this is how I define it (constrained by a desire for brevity). Lack of understanding of context: […]

Playing the blame game – Part 1

I’ve seen quite a bit of noise on LinkedIn with various posts decrying the security tooling industry. The gist of the posts is that the tooling industry is broken, has made multiple failed promises, tools don’t provide the security they are touting, etc. Couple this with an evening seminar I attended toward the end of 2022, where the a […]

The Security Architect(ure) Culture test

There are lots of articles about what’s required for security to flourish in an organisation. I thought I’d put together something inspired by the Pragmatic Engineer article that’s specific to Security Architects. I’ve probably gone a little further to indicate the anti-pattern in the text… General Technology Questions Do you use low-priced/low-spec commodity IT for […]

Why agile should be good for security, but often isn’t…

…or at least that’s how it feels. As a security practitioner it’s easy to dismiss agile practices – the ‘just enough’ architecture, short-term if any planning, and reliance on vanilla solutions as good enough are anathema to anyone who has been around security for a while – particularly if you are a security […]