Author Archive | Andy Willingham

What ever happened to professional courtesy?

This is a bit of a rant and has nothing to do with Information Security so if you want to move on I’ll understand. I’ve noticed lately that professional courtesy has taken a nose dive. Some examples from both work and outside of work. At work I deal with colleagues from all over the world. […]


On security awareness training

This won’t be long because I don’t have enough time. There are lots of discussions on whether or not awareness programs are worth the time, effort, and cost. The short answer is no. Most of them aren’t. Not because there is not value in making users aware but because the programs are crap. They are […]


We don’t need cyber-vigilante justice

I spent the last couple of days with Josh Corman as he was in town for OWASP and a meeting with my team at work. Tuesday night we went to dinner with a few others and naturally the conversation was dominated by security. One of the topics was around groups such as Anonymous, LulzSec, and others. […]


Risk Management or Compliance Management

Timing is everything. Sometimes it works in your favor and sometimes it sneaks up and bites you in the butt. I wrote this last night (Thursday) and didn’t get around to posting it and then today I see several people pointing to this video on the very topic I wrote about. Oh well, here it […]


Missing the goal

One of the things that we are faced with is meeting goals that often change depending on lots of different things. Current threats, business goals/needs, projects, etc… We all have the ultimate goal of securing the data and systems that we are responsible for, at least I’d hope that we all shared that common goal. […]


Why does Web App Security continue to stink?

Everyone and every company has a web site nowadays. Some are professionally done, some are made from DIY kits provided by the hosting provider and some are done from scratch by someone who claims to know what they are doing. It doesn’t seem to matter who built the site most all of them […]


You say false positive, I say tell me anyway

One of my favorite people on the intertubes is Shrdlu. I’ve enjoyed reading her enlightening and somewhat amusing posts for quite a while and have bantered back and forth with her on Twitter many a time. She was even the first interview that we Martin did on the SFS podcast back in January of last […]


Getting results the wrong way

“Right results are not the measurement of success. How you arrive at the results is even more important. It is not all about results. Of course results are important, done the right way.” For quite some time lots of us in the community have been saying that the industry is broke and that we’re looking […]
