How to mess up your breach disclosure

by adam on March 30, 2012

Congratulations to Visa and Mastercard, the latest companies to not notify consumers in a prompt and clear manner, thus inspiring a shrug and a sigh from consumers. No, wait, there isn’t a clear statement, but there is rampant speculation and (…)

Doctors Make Mistakes. Can we talk about that?

by adam on March 26, 2012

That’s the title of this TED Talk, “Doctors Make Mistakes. Can we talk about that?” When was the last time you heard somebody talk about failure after failure after failure? Oh yeah, you go to a cocktail party and you (…)

BSides Las Vegas 2012 Contest

by David Mortman on March 22, 2012

BSides LV 2012 tickets sold out in under 30 hours last week. I have acquired five tickets to give away. More details later, but the tickets will go to the person or people who have the best story of how (…)

Feelings! Nothing but feelings!

by adam on March 15, 2012

At BSides San Francisco, I met David Sparks, whose blog post on 25 security professionals admit their mistakes I commented on here. And in the department of putting my money where my mouth is, I talked him through the story (…)

Entice, Don’t Scold

by adam on March 14, 2012

I really like what Adrian Lane had to say about the cars at RSA: I know several other bloggers have mentioned the exotic cars this year in vendor booths on the conference floor. What’s the connection with security? Nothing. Absolutely (…)

How’s that secrecy working out?

by adam on March 7, 2012

Last week at RSA, I was talking to some folks who have reasons to deeply understand a big and publicly discussed breach. I asked them why we didn’t know more about the breach, given that they’d been fairly publicly named (…)

Stop sinning with complaints about the coffee budget

by adam on March 6, 2012

Someone respected wrote on a private mailing list: “If you spend more on coffee than on IT security, then you will be hacked. What’s more, you deserve to be hacked.” — Richard Clarke, keynote address, RSA 2002 To which, verily (…)


by adam on March 1, 2012

Our sincere congratulations to all the winners of the Social Security Blogger awards.