7 Critical Security Conversations

The wave of supply chain security conversations that was sparked by the Bloomberg articles has people talking (see The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies and related articles). The increased interest in supply chain security is important. It is feasible for threat actors to sneak in a backdoor, exploitable code, or Read More

Preparing for the next DDOS Wave

This week I was helping with a top 10 list to prepare for DDOS attacks. I did it without reviewing the industry to see the marketing overload of “prepare for DDOS steps.” These all seem to lead to the one conclusion … “buy my product.” Steve Zurier (Dark Reading) and I pulled together these ten steps to Read More

Adding IPv6 Requirements to your RFP

[Originally posted on LinkedIn here: IPv6 – Adding Requirements to your RFP.] Adding IPv6 Requirements to your RFP is a necessity when Google, Facebook, LinkedIn, and the other major sites are built for “IPv6” first. Meaningful IPv6 requirements in RFPs are a core tool in your dialog with your vendors. This is a Read More

Security Questions to ask Vendors

What security questions are you asking your vendors? The Bloomberg article, “How Russian Hackers Stole the Nasdaq,” is a sobering insight into today’s risk. It should be a wake-up call for all organizations in all parts of the world to understand that even the best security teams are facing an overwhelming threat. The focused expertise used by Read More

Everyone should be deploying BCP 38! Wait, they are ….

Have you deployed BCP 38 in your network? For most networks, the answer is yes. During last week’s FCC CSRIC III meeting, several people called on operators to deploy “BCP 38.” This IETF best common practice (BCP) is a packet filter placed on the edge of networks to ensure that the IP source cannot pretend to Read More

If I say it over and over again, it must be true …

“Keeping to your message, repeat it many times, and ignore the criticism” are key principles of success in Washington DC policy work. If you say something over and over again, it must be true. It does not matter if the message is true, based on facts, or has any empirical data to support your assertion. Read More