Browsing Author: David Mortman

Categories: Compliance, SMB Security

By David Mortman

After a long two and a half years, Gene Kim, Kevin Behr and George Spafford, the authors of the awesome Visible Ops series, have just launched their latest book, The Phoenix Project. I was fortunate enough to read some early drafts, so I am extra excited that it is finally shipping. When Gene first mentioned the book to me, I was rather surprised that it was a novel. I was a bit skeptical of the choice of genre but dove in anyway, and I am so glad I did.

Read more...

Categories: Web Security

Ninety years ago KitchenAid released their first countertop mixer, which weighed in at about 69 pounds. More interestingly, the mixer also had a special socket that allowed users to attach assorted add-ons for new functionality such as slicers, shredders and meat grinders. Today this sort of extensibility of countertop appliances is old hat for KitchenAid and their competitors. The interesting thing about this socket is that it has not changed in size or shape since the very first version was released. As a result, you can buy a brand new attachment, say the pasta rollers, and it will work with every single version of every KitchenAid stand mixer ever made. Talk about backward compatibility!

Read more...

Categories: Vulnerabilities

Guest editorial by David Mortman

It’s early fall here in Ohio, which means it’s time for the second round of canning for the winter. So last weekend my kitchen was covered in bushels of apples and pounds of greens and a whole lot of canning jars. As you know by now, I love to cook and I love a well-designed kitchen tool. Mason jars in particular make me extremely happy. They were invented in 1858 and fundamentally haven’t changed in the subsequent 150 years.

Read more...

Categories: Compliance

By David Mortman
Inspired by professional pastry chef Shuna Fish Lydon:

“You do not know what a good, bad or indifferent baker/pastry chef you are until you work alongside someone who is better/worse than you. This is not at all to say that if you are an outstanding home baker, you are deluding yourself. But as far as professional cooking & baking go, it is my experience that unless you push yourself really hard to stay away from your sweet spot comfort zone of I-Know-All-I-Need-To-Know-And-I-Feel-Very-Comfy-In-This-Job/Kitchen-Thank-You-Very-Much, and move kitchens or chefs or hire people who are much closer to your level than you feel comfortable having them, you will become stagnant in your baking skill and knowledge.”

Read more...

Categories: Compliance

By David Mortman
I always find RSA interesting because in addition to the official theme of the conference (what was this year’s anyway?) there is the unofficial theme, which usually comes either from the show floor (everyone remember how every year from 1999 through 2003 was “The Year of the PKI”?) or from the talks themselves.

Read more...

Categories: Compliance

By David Mortman
I spent some time earlier this week at mini-metricon, a workshop that was inspired by the success of Andrew Jaquith’s security metrics mailing list and the larger Metricon, which is held each year in conjunction with the USENIX Security Conference. In essence, members of the mailing list gather each year on the Monday before RSA and share what they are doing with regard to security metrics within their organizations.

Read more...

Categories: Web Security

By David Mortman
I am very excited to be guest blogging about RSA here on Threatpost. A special thank you to Dennis and Ryan for the privilege.

I am also very excited to once again be speaking at RSA this year. Last year, I was on a panel with Mike Rothman, Rich Mogull, Martin McKeay and Ron Woerner titled “Avoiding Another Security Groundhog Day”. The main theme of our panel was how we as security practitioners could move forward with protecting our customers while avoiding the sins of the past.

Read more...