Infosec Quotes

Your ideas are bound to forces of which you have no control due to the fact that you've voluntarily submitted your freedom of though to the perception steering censorship of Google, Facebook and other dragnet surveillance capitalists.

Cities require connectivity rather than territory in order to drive their economic stability and growth.

The hacker didn't succeed through sophistication. Rather he poked at obvious places, trying to enter through unlock doors. Persistence, not wizardry, let him through.

If you think you know-it-all about cybersecurity, this discipline was probably ill-explained to you.

Fewer than one in twenty security professionals has the core competence and the foundation knowledge to take a system all the way from a completely unknown state of security through mapping, vulnerability testing, password cracking, modem testing, vulnerability patching, firewall tuning, instrumentation, virus detection at multiple entry points, and even through back-ups and configuration management.

The benefits go beyond research and influence. We lack comprehensive historical records of internet culture and patterns of abuse. Those of us on the front lines tend to have institutional memory, but archiving this information would be extremely beneficial for tracking patterns and mechanisms in different settings. The kind of coordinated mob abuse that I went through was the same kind of abuse the women who exposed #EndFathersDay experienced was the same kind of abuse the infosec community instigated against Kathy Sierra in 2007 and so on. Some of the actors are even the same. This data could be invaluable to sociologists, technologists, and historians alike. However, due to the extremely personal nature of this information, the details of how it’s obtained, who obtains it, and what is done with it must be well thought out.

Awareness is the number one step in ensuring security, both physical security and information security. Awareness ensures that the chances or risks of vulnerability and threats to security are reduced considerably. Toward this end, it is essential to provide organizationwide security awareness programs to all employees (permanent or temporary), contractors, suppliers/vendors, customers, and all other relevant stakeholders who have access to the organization or its information.

By adding the expertise of QA, IT Operations, and Infosec into delivery teams and automated self-service tools and platforms, teams are able to use that expertise in their daily work without being dependent on other teams.

Even the bravest cyber defense will experience defeat when weaknesses are neglected.

The IoT market grows rapidly and it’s acceleration will continue in all major areas like Industrial Internet of Things; Digital Enterprise; Internet of Healthcare; Internet of Energy; Internet of Education; Digitalisation of global Supply Chains. Security concerns add to the IoT complexity. Strategically, to assure the system’s reliability & data / knowledge engineering, it is important to insure data integrity, availability, traceability, and privacy. A complex problem of digital transformation globally. The Internet of Things cybersecurity, therefore, is not a matter of device self-defence. What is needed is a systemic approach. Identify underlying patterns. Secure elements of a chain: from security of a device that creates, captures your data.. to the data storage.. to the back-end storage.. Create/ join IoT ecosystems, driven by protection with external monitoring, detection and reaction systems. It is a challenge - to secure systems.

Virtualization, cloud computing, and robust telecommunication provide new capabilities as part of CoOP that can assist organizations in achieving the security, availability, and confidentiality requirements of the new “always on” business model with limited or no interruption even during disruptive events.

Because our goal is to enable small teams of developers to independently develop, test, and deploy value to customers quickly and reliably, this is where we want our constraint to be. High performers, regardless of whether an engineer is in Development, QA, Ops, or Infosec, state that their goal is to help maximize developer productivity.

our goal is to create fast feedback and fast forward loops wherever work is performed, at all stages of the technology value stream, encompassing Product Management, Development, QA, Infosec, and Operations. This

We’ve gone from a planet ruled by natural geography to political geography to kinetically functional geography to a cyber geography that is ruled by ideological variation rather than politically constructed boarders.

The way to stifle China’s growth is to inhibit the flow of their connectivity. In order to slow down Chinese expansion, we need to cripple their cyber-kinetic-political connectivity. Indirect polarization, in all forms, must be at the forefront of the agenda when conducting influence operations on all things China.

Labor automation, machine learning and artificial intelligence will have a devastating impact on the already struggling Chinese economy.

Myth—DevOps Means Eliminating IT Operations, or “NoOps”: Many misinterpret DevOps as the complete elimination of the IT Operations function. However, this is rarely the case. While the nature of IT Operations work may change, it remains as important as ever. IT Operations collaborates far earlier in the software life cycle with Development, who continues to work with IT Operations long after the code has been deployed into production. Instead of IT Operations doing manual work that comes from work tickets, it enables developer productivity through APIs and self-serviced platforms that create environments, test and deploy code, monitor and display production telemetry, and so forth. By doing this, IT Operations become more like Development (as do QA and Infosec), engaged in product development, where the product is the platform that developers use to safely, quickly, and securely test, deploy, and run their IT services in production.

To achieve market orientation, we won’t do a large, top-down reorganization, which often creates large amounts of disruption, fear, and paralysis. Instead, we will embed the functional engineers and skills (e.g., Ops, QA, Infosec) into each service team, or provide their capabilities to teams through automated self-service platforms that provide production-like environments, initiate automated tests, or perform deployments.

A reminder that Goodreads is owned by Amazon, and everything you do here supports Big Data and corporate surveillance. You should be concerned, especially if you read books about liberation. A friend recommended StoryGraph, a Black-owned independent alternative. Download your data and GTFO.

Congress is a federation of fiefdoms, subject to the vicissitudes of constant fundraising and the lobbying of those who have donated the funds.

Complex deployments often require multiple handoffs between teams, particularly in siloed organizations where database administrators, network administrators, systems administrators, infosec, testing/QA, and developers all work in separate teams.

Here, we can see that a good name is not one of the infosec's strengths.

DevOps benefits all of us in the technology value stream, whether we are Dev, Ops, QA, Infosec, Product Owners, or customers. It brings joy back to developing great products, with fewer death marches. It enables humane work conditions with fewer weekends worked and fewer missed holidays with our loved ones. It enables teams to work together to survive, learn, thrive, delight our customers, and help our organization succeed.

Branch plant made the call. He’s infosec. And he’s in your existing trust network, so that puts him in mine. Not that I didn’t do due diligence. He’s qualified.

When Lowbeer wished a conversation in public to be private, which she invariably did, London emptied itself around her.

These measures are strongly correlated to culture: ​–​Organizational investment in DevOps ​–​The experience and effectiveness of team leaders ​–​Continuous delivery capabilities ​–​The ability of development, operations, and infosec teams to achieve win-win outcomes ​–​Organizational performance ​–​Deployment pain ​–​Lean management practices Westrum organizational culture predicts software delivery performance, organizational performance, and job satisfaction. Westrum organizational culture is negatively correlated with deployment pain. The more painful code deployments are, the poorer the culture.

If we wish to have any hope of beating the bad guys at the cyber game, the good guys must learn to share more effectively and efficiently than them

DevOps astonishingly enables us to simultaneously improve organizational performance, achieve the goals of all the various functional technology roles (e.g., Development, QA, IT Operations, Infosec), and improve the human condition.

You may think that Ransomware attack decrypt's the encrypted data after Ransom payment. Don’t forget the fact that 97% of the attack victims haven’t recovered, even after ransom.

The result is world-class quality, reliability, stability, and security at ever lower cost and effort; and accelerated flow and reliability throughout the technology value stream, including Product Management, Development, QA, IT Operations, and InfoSec.

High-performing teams were more likely to incorporate information security into the delivery process. Their infosec personnel provided feedback at every step of the software delivery lifecycle, from design through demos to helping with test automation.

Imagine a world where product owners, Development, QA, IT Operations, and Infosec work together, not only to help each other, but also to ensure that the overall organization succeeds. By working toward a common goal, they enable the fast flow of planned work into production (e.g., performing tens, hundreds, or even thousands of code deploys per day), while achieving world-class stability, reliability, availability, and security.

In our world, Development and IT Operations are adversaries; testing and Infosec activities happen only at the end of a project, too late to correct any problems found; and almost any critical activity requires too much manual effort and too many handoffs, leaving us to always be waiting.