Categories
CyberSecurity

What is DevOps/DevSecOps (or more to the point, what it is not)

I recently had a conversation with a CISO at a major automobile manufacturing company who uses a DevSecOps strategy, so I started inquiring about it. What I discovered was a definition of DevOps which was terribly insecure. I later asked around and discovered this was not a single case; most companies who claim […]

Categories
System Administration

I received an error, now what?

We see them all the time: error messages. They are in our logs, in our monitoring and in our applications. We receive them so often we’ve become immune to them. We even have names for the alerts and errors we ignore, such as known, false or phantom. This is one of the biggest problems with software today. […]

Categories
CyberSecurity

Your Password Complexity rules don’t work.

This sounds very strange. Security professionals and users alike are told we need to set up very complex passwords to protect our systems. This has been engrained in us so deeply we rely on it to protect all our most precious information. Current password complexity, however, is completely broken and our reliance on it is […]