A picture says 1,000 words is something everyone has heard. In lieu of a picture, data visualizations tell the story for the author. Sometimes, it's what the data shows that's most important. Sometimes, it's what the data is missing that speaks louder. Come along for this quick lightning round on direct and indirect data and the dangers that hide within.

This is a quick episode geared at showing the importance of making security usable. Using the GDPR and e-Privacy Directive cookie consent popup as an example, we can explore the difference the letter of the law vs the spirit of the law makes. Usable security follows the spirit of the law, where as bad security experiences are just to satisfy the letter of the law. So put on your most comfortable socks and join us for this great episode!

Authentication (Authn) and Authorization (Authz) are two of the most overloaded and incorrectly used words in the field of cybersecurity. It's with good reason - they are the two most fundamental principles behind building trust in the digital world. Authentication is when an identity is validated and verified to be who it say's it is. Authorization is the enforcement of permissions of the verified identity. Join us in this episode to learn all about this space and where the future is bringing us!

Have you ever been in the middle of an important life event and the dreaded happens? A page for a security event comes in? And worse, you're not prepared or don't have everything you need to handle it. Let's take a scenario and break it down on how we can detect it, mitigate it, remediate it and recycle it through creating playbooks and replaying it at future table top exercises.

Your customers need access to your data - that is the service you provide that they're willing to pay you for. But what if you're on opposite sides of a river? You would build a bridge. How do you make sure it's safe? How do you make sure they can travel across the bridge with privacy in mind? What happens if there was an accident on the bridge? It's a simple metaphor you can use to explain the important of information security to business partners who are just thinking about the business, and why information security matters so much.

First one out of the gate for 2024 is all about Application Security. We get right to it, talking about all aspects of Application Security from the importance AppSec has on the overall business, to the minuet details of input validation, honeypotting, secure logging and more. Tune in to hear some stories from the past decade solving challenging attacker v defender scenarios, and what we did to increase the cost on the attacker and use data to help drive our priorities. Can't wait to have you join us on a listen!

Disclaimer: View are my own and do not reflect that of my employers, acquaintances or family. | Credit: Audio is from bensound.com

In this episode, we explore the framework of what to secure when starting out a security program, or looking to mature it. Starting with the perimeter helps build a defensible position for you to get a foothold on security by knowing what needs to be protected and how attackers might try to access it. Next, we talk about securing the people aspect, building on awareness from the perimeter phase. People are the ones doing the work and who need access to data to do their jobs, one way or another. Training them to handle it correctly is the first half. The next half, is putting policies in place to actively educate and secure the practices the everyday team engages in. Lastly, we briefly touch upon the product, a few ways the FTC suggests securing applications and product which you can read more about here https://www.ftc.gov/business-guidance/resources/app-developers-start-security.

Disclaimer: View are my own and do not reflect that of my employers, acquaintances or family. | Credit: Audio is from bensound.com

Learn how you can apply both the As Soon As Possible and As Late as Possible principles in your decision making when you're trying to figure out the risk/benefit trade off. As Secure As Possible and As Lenient As Possible are two adaptations to the same principle that quantify risks using data and allow you the prioritize the work you need to do to make an educated decision and create a smart defensible position when it comes to decision making. Some decisions are hard, some decisions are easy. Some need more security and some just need to be within your tolerance levels!

Corporate security can mean so many different things depending on the maturity of your company and your security program. Some of my favorite projects were done while I focused on Corporate Security over the past 15 years. In this episode, I share a few of those stories, things that I totally didn't expect, but that made me a stronger engineer.