Who’s Threat Modeling the Threat Modelers?
When an org's security personnel carry out threat modeling exercises, they tend to make unconscious assumptions about the efficacy of their own security controls. This is dangerous.
zerotrust
4 posts
3 Reasons Security Folks Roll Their Eyes When They Hear “Zero Trust”
The principles still matter, more than almost everything else in security...even if we're tired of hearing about it.
Your Expensive PIM/PAM Solution Won’t Save You—But This Might
If <that one PAM tool everyone uses> was good enough on its own, then no one in banking would get hacked, because they all use it. Clearly there's more to the story.
Boy Were We (Mostly) Wrong (aka Security Reflections on a 2010 Cloud Model)
Ground-breaking paradigms from Jericho Forum are still meaningful today, but some more than others. How have things evolved since then, and why does it matter?