- Product Management: What Does a Security Product Manager Do?
A security product manager defines product capabilities and drives adoption for information security solutions, working closely with customers, sales, and engineering teams. Unlike most infosec roles...
- Social Engineering: Allowing Gullible Victims to Self-Select in Online Attacks
Blatantly fraudulent scam emails may be intentional—by appearing obviously fake, they filter out savvy people who would waste the scammer's time, ensuring only the most gullible victims self-select....
- Risk Management: The Endowment Effect in Information Security
The endowment effect—valuing items in your possession more highly—may cause security professionals to overestimate the value of data they protect. Business managers, more removed from the data, might...
- Communication: Tips for Troubleshooting Human Communications
Effective communication requires empathy, acknowledging different perspectives, and phrasing arguments using the other person's terminology and objectives. Key tips cover email best practices,...
- Malware: How Malicious Code Can Run in Microsoft Office Documents
Microsoft Office documents can execute malicious code through VBA macros (requiring social engineering to enable), exploit payloads targeting Office vulnerabilities, embedded Flash objects, or...
- Encryption: Confusing the Padlock and the Favicon in the Web Browser
Attackers can display padlock-shaped favicons to fool users into thinking non-HTTPS connections are secure. Chrome and Firefox addressed this by removing favicons from the URL bar, while Internet...