I have recently read a great book by Cole Nussbaumer Knaflic, named (amazon). what i liked most about this book is the scientific approach towards structuring visual data, if it’s for presentations, marketing, UI or anything else. i learned a lot from this book and reccomend to follow her blog.
I’ve been interviewed for the PSDCast podcast today by Alix Paultre of Power System Design. Today, billions of smart devices interconnected through the Internet of Things (IoT). Smart buildings are facing significant threats that are exacerbated by two major factors: Firstly, the intricacy and interconnectedness of critical functions in smart buildings can possibly create a disastrous “domino effect” if attacked. Secondly, these risks are still not receiving enough attention or funding since they fall outside the scope of traditional IT. ...
I wanted to outline a list of the different channels I use everyday to keep informed (some of these blogs are in hebrew). I use the old reader to keep track of my RSS feeds. Security and Cryptography Cryptography And Coding Information - Thank you for Ava for pointing this out! ICS-CERT Monitor RSS Feed Corelan Team ImperialViolet Blog: Ivan Ristić Google Online Security Blog TaoSecurity Roee-geist I Am Security Krebs on Security fail0verflow’s blog excerpts feed Naked Security - Sophos Filippo.io The Hacker News * [ THN ] Schneier on Security WhiteHat Security Blog Roger Halbheer on Security I hack, therefore I am Securelist / All Updates Cybergibbons Limited ritter.vg cr.yp.to blog A Few Thoughts on Cryptographic Engineering Management Rands in Repose הבלוג הפתוח למנהל הפיתוח Science storytelling with data Trust Me, I’m a Statistician Windows On Theory המדריך לטרמפיסט בסטטיסטיקה Damn Interesting Software Dan Kaminsky’s Blog Jeremiah Grossman Joel on Software Scott Hanselman Software Archiblog – בלוג ארכיטקטורת תוכנה Troy Hunt’s Blog The rest… Geek&Poke C-Section Comics cat versus human CommitStrip - Blog relating the daily life of web agencies developers Most Recent Dark Legacy Comics Saturday Morning Breakfast Cereal (updated daily) Spiked Math The Oatmeal - Comics, Quizzes, & Stories What If? xkcd.com Coding Horror
A colleague asked me today how do I manage to keep my head straight with all the different distraction and open issues I handle simultaneously on a daily basis. Although I have given this much thought over the years, when the question came up today I found a nice metaphor to explain this. When personal computers just came out (DOS era…) most of them operated with a single “task” running in the CPU. You could be running the OS or a game, but not at the same time. This wasn’t very efficient as a lot of time was wasted waiting for user input, or hardware changes, etc. ...
I encountered a youtube video of a smart 11 year old by the name of Jake Sethi Reiner, that explains in very simple terms the methodical way a security researcher should think. Don’t be fooled by his age, i have spent time trying to teach people this exact way of thinking: Identify the problem Gather evidence Hypothesize and analyze solutions Carry out experiments, analyze the results The problem he encounters at his home are no different than those encountered by professional security researchers - and his solutions are the exact steps one should follow through (learning to overcome different issues and concepts along the way).
The Internet of Things (IoT) is an intersection of trends that brings motivation, innovation, money and opportunity together into one massive tool. However, in the race to build more and more IoT devices and units, security is often an oversight. While this phenomenon is often spoke of in security circles, most users just assume that the security is built-in and have no idea the vulnerabilities that they are exposing their organizations or homes to. ...
In a recent interview to FedScoop I was asked to comment my opinions on the recent NIST SP-800-184 draft publication, which is focused on Guide for Cyber security Event Recovery. After reading the publication, and acknowledging its importance, i think we are still left with several issues. The IT industry at large has seen an evolutionary process where a lot of attacks had mitigation in place, in what is already a best practice. however, in the OT domain this process did not take place. ...
In a recent article in Smart Grid News I was asked to comment in the security concerns that executive face when dealing with IoT concerns. I recommended that executive start with setting up a team of security specialists and incorporate best practices within the IoT product development process. While these measures are in no way simple, they offer a starting point to enhance an organization security posture. ...
Thoughts offer some training oppurtunities followup with Hemed and Mickey attack crypto frameworks Notes DPAPI @paulacqure personal story limited set of crypto to use, probably one of these animated walkthrough of concepts use of 3DES in chrome password store, password length? whoami /priv Andrea Pierini @decoder_it AWS Workshop @Rzepsky [email protected] public access through ACL - should be deprectaed soon encrypt your snapshots lazys3 enumarate possible s3 bucket names ...