- Tools 10 Information Security Mistakes: A False Sense of Security
Ten practices that create false security: capturing logs without sufficient detail, policies no one follows, vulnerability scans without remediation processes, pen tests excluding workstations,...
- Assessments Perception of Value in Security Consulting Projects
Clients can't evaluate specialized security work directly, so they estimate value by assessing effort—usually time. A skilled locksmith opening locks in seconds gets fewer tips than when...
- Communication Strong Communication Skills: 10 Tips for IT Professionals
Ten communication tips for IT professionals: frame conversations from the listener's perspective, avoid jargon, don't sound superior, switch to phone/in-person when email fails, let emotions cool...
- Social Engineering Deception Lessons for Information Security from World War II
WWII deception used ambiguity (uncertainty inhibiting intelligence assessments) and misleading approaches (building up wrong alternatives' attractiveness). Successful deception resembles jigsaw...
- Training Make Security Policies Harder to Read to Improve Retention?
- Product Management Ease of Use as a Competitive Advantage for Security Products
Security products historically prioritized features over usability. Vendors should prompt users as a last resort, make intelligent decisions on users' behalf, and let products run unobtrusively—users...