Whitelisting is Dead, Long Live Whitelisting!

I believe in application control, often called application whitelisting. A lot of FUD (fear, uncertainty, and doubt) gets spread about today’s cyber threats. Bad actors continue to break in through not-so-advanced and not-very-persistent threats (as opposed to APTs). The entire situation often gets spun horribly, with whitelisting companies claiming a panacea and non-whitelisting security companies asserting it’s too expensive. Nevertheless, I still believe that application whitelisting will take over as the de facto way to secure our digital endpoints, and NIST agrees.

Highlights From Facebook’s Security@Scale (@SecatScale)

Facebook hosted Security@Scale in Boston on November 12, 2015 and I attended. It took place at a fun venue, Artists for Humanity, a nonprofit organization dedicated to enhancing the arts in Boston public schools. Facebook will post videos and notes on their Engineering blog (here are the notes from 2014), but the following are my notes and highlights.

Applying The Principles of The Quantified Self to Cloud Security

I like the ideas behind quantified self. This has not driven me to purchase an Apple Watch, but I am now on my second Fitbit. I also use MyFitnessPal, RunKeeper, Mint, and Jenkins. These services provide low-friction visibility to otherwise obscured aspects of my life. The first step to self-improvement is to “know thyself.”

Quantified self introduces an aspect of continuous monitoring to my life. I could view snapshots into my health every year at my physical or just kind of eyeball my health based on looking in the mirror, but neither of those provides the visibility to optimize my health. And auditing my finances every year at tax time is better than nothing, but that by itself will not lead to wealth. 
