📚 Beyond Anxiety

Read Beyond Anxiety by Martha Beck

Recommended

Note: I listened to this book, and will be updating this post after taking notes from another format.

This was a good collection of wisdom for releasing anxiety.

In many ways, it was an “applied” version of Iain McGilchrist’s The Master and His Emissary.

The gradual movement into the more woo-woo elements was well handled, and didn’t land in any dangerous territory.

My main concern was that with her valid concerns about WEIRD culture (“western”, educated, industrialized, rich, democratic), the proposals were still consumption-oriented and individualistic. We cannot live in a way where we all purchase an increasing number of services from one another, even if those services are creative and valuable to both parties. Some of our needs must be met in non-precarious ways, in community.

Two years ago:

I’ve been staying with my Mom while she recovers from surgery, and she’s been watching the news. It is 99% propaganda, vapid, or irrelevant. Makes me want to go into news.

🔒 Still true! If you are doing something in journalism and need cybersecurity help, please let me know!

๐ŸŽ™๏ธ๐Ÿ”’ Tomorrow Iโ€™m recording for the eXecutive Security Podcast.

My bar for podcasts:

“Is this a better use of my time than an audiobook?”

So I take this pretty seriously. Hopefully we’ll make it worth your listening time.

🔒 The 2024 edition of the CWE Top 25 is published:

Most Dangerous Software Weaknesses

“But what about the OWASP Top 10?” Think of the OWASP list as more of an engagement and learning tool.

The CWE 25 can more effectively be used as a target list to build your evaluation, mitigation, and prevention.

🔒 Big improvements to calls in Signal: call links

🔒🥃 Hey, you know how security teams are the worst and nobody wants to work with them?

Anyway, this is a signed going away present from the engineering platform and architecture leaders.

Definitely a keeper, even after it’s empty.

GlenDronach port wood bottle. “Thanks for everything. Good luck!” signed by 10 people in silver marker.

🔒 I’m at the CSO Conference and Awards.

Tomorrow, my team will be accepting a CSO50 award for our security automation platform that supports 4000 engineers and 7000 applications.

I’ve since left the company, but am here supporting my previous team. Proud of them!

🔒 Banks: practice internet safety!

Also banks: we won’t let you log in if you are blocking junk in your browser or using a VPN.

🔒 The opportunity: application threat modeling & secure design review is one of the highest value appsec/prodsec activities, but is hard to implement efficiently and at scale.

A bad solution: provide a long list of controls that need to be checked each time.

A better solution: generate relevant security requirements automatically based on what’s being built.

Met with primesec yesterday, and this is what they are trying to do! They are using an LLM to read what’s in your user stories (etc.), summarizing the work for the security team, and injecting specific security control requirements.

If this catches even a small portion of the real requirements, it would be a major uplift for teams both from a security and efficiency perspective. Looking forward to checking it out.