Entries by RedSeal
Mapping Policy to Your Network
A few years ago, I sat in an otherwise empty classroom inside the administration building of a children’s hospital with two members of their security team. We stared at a spreadsheet and a document that described the server and client zones of their network, displayed from a projector like a classroom project. For each zone, […]
Was It Something I Said?
I was in one of those small, interior conference rooms when it first happened. It was very hot outside, with an obvious threat of another day over 100°F and extreme humidity, as well. But, it felt even hotter in the room. I was there to provide insights to members of the network and security teams […]
Identify and Close Before the Bad Actor Exploits
It happened again yesterday. I was taking a break on my back porch and listening to the Colorado summer rain when an alert hit my phone: news of another breach. They seem to be coming with a disturbingly increasing regularity and with ever more serious consequences. For example, one company, Code Spaces, was completely destroyed […]
The Reality Gap
A couple years ago in a conference room with a window looking out on the Arizona desert, two of us sat down with a customer to talk about their network. I asked to see their best network diagram, which he left to retrieve. When he returned, he rolled it out to its full length on […]
Somewhere Over the Spreadsheet
Two years ago I was standing in front of a group of security geeks in Santa Barbara for BSides LA talking about the sophisticated tools that most network engineers use — like “ping” and “traceroute” and even Excel — and about how the broad range of tools available typically didn’t get used in a primordial […]
Another Day, Another Breach
On Wednesday, August 20th, UPS announced that a breach may have compromised customer data during up to 105,000 transactions between January and August. While UPS is to be commended for coming forward so quickly, this breach underscores the truth that organizations with highly sophisticated and advanced capabilities in information technology aren’t inoculated against breaches. It […]