I wanted to post a “rah rah” message to Rich Mogul when he posted that GRC platforms Are Dead. He was so spot on in my humble opinion that he made me smile for a week or so. I may be a bolshy arrogant git confident but re-assurance from smart people is always comforting. Today [...]
It’s no real secret what I am doing at Microsoft although I haven’t really blogged about it much. I do plan to start in the coming weeks with some long posts about platforms, information security BPM, applying business management techniques to the information security discipline, dashboards and business intelligence etc.
Before I do that and hot [...]
In a former life I designed and installed some two factor Authn and cyrpto systems for ING Barings (home of the first rogue trader Nick Leeson) in the 90’s. Let me tell you that no single FX or Options trader can run up 7 billion of debts without serious collusion. Watch this space! This story [...]
Dear Idiot (Tom Harris - Labour MP for Glasgow),
The world has gone mad and I am boarding the next commercial flight on Virgin Galactic in search of a world where numnuts and numties no longer rule.
It was my birthday last Thursday and very peasant it was too. I got back from a week in [...]
Yesterday morning I was in chilly Chicago. On the train into downtown I asked the guy sitting next to me if the next stop was mine (showing him the address on my phone). He kindly spent 5+ mins guiding me off the train and through the maze onto Madison St. and to my meeting location. [...]
My last blog leads me neatly onto to the good stuff. Joining a new company is like a poker game. They need to tell you enough to get you interested but not too much that if you decide not to join you could screw up their plans. I knew ACE had bits of cool stuff [...]
I am currently on my way back (this post was started on a plane) from a superb two weeks in Redmond meeting with my team and other folks in various parts of Microsoft. There is just so much cool stuff going on and in the plans that it’s hard to know where to start. I’ll [...]
A while back I wrote a blog post called Lets call a Fig a Fig about the limitations of web application firewalls and the sheer ludicrousness of a security standard offering an alternative of choosing a code review or a web application firewall.
This morning I was reading an excellent post by Chris Eng about [...]
Marc’s post here is well worth a read.
Level 1 is what I call an “Access API”.
Level 2 is what I call a “Plug-In API”.
Level 3 is what I call a “Runtime Environment”.
The Oxygen Security Platform is actually likely to be a combination of all three!
Some security standards make statements that are ambiguous. One example is the PCI DSS that says “only necessary ports should be open”. The default effect of this ambiguous statement is for all sites to legitimately claim that all open ports are necessary and everyone passes. “The Remote Desktop Protocol is necessary to remotely manage the [...]
Recent Comments