infosec
Imported tag from Readwise
For example: if you can pick 20 metrics that encapsulate a number of the CIS Critical Controls and work like crazy to keep your environment to those then you will likely get more benefit than spending your time on more sophisticated approaches.
The AI-risk community has also learned that novel corporate-governance structures cannot constrain executives who are hell-bent on acceleration. That was the big lesson of OpenAI's boardroom fiasco. “The governance model at OpenAI was supposed to prevent financial pressures from overrunning things,” Ord said. “It didn't work. The people who were me ...
Addressing key business risks: Every business faces risks, but when you write them off as inconsequential or irrelevant, they become more dangerous. The Steel Man forces you to conduct a pre-mortem of each key business risk to understand how it creates a significant business disruption. In doing so, you are better prepared for managing these risks.
“I use the analogy of driving cross country,” Noaman says. “We’re going from point A to point B, and we have these goals. I’m not going to tell you how you need to get there. I’m not going to tell you what you need to do. That’s your jobs. It’s my job to get you ready for the road trip, because it’s a journey. As a leader, I have to set that vision ...
“So when a CISO or anybody comes into a board room and says, ‘if we don’t do this, this is going to happen,’ it makes them all feel anxious and they start to close down their thought processes around it.”
I once met a disgruntled former employee of a company that competed against UberMedia and PlaceIQ. He had absconded with several gigabytes of data from his former company. It was only a small sampling of data, but it represented the comprehensive movements of tens of thousands of people for a few weeks. Lots of those people could be traced back to ...
If you don’t research why new mild anomalies happen, you deserve all the upcoming incidents.
If you ever granted a weather app permission to know where you are, there is a good chance a log of your precise movements has been saved in some data bank that tens of thousands of total strangers have access to. That includes intelligence agencies.
I like DNS Dumpster for this next step because it’s quick, easy to use, and easy to interpret. I’m most interested in “ISP-allocated” IP blocks, e.g. “COMCAST-1234” or “LOCALISP-AS-01,” as opposed to CLOUDFLARENET, MICROSOFT-CORP, etc. Not that I’ll ignore the latter, but self-hosted/on-prem infrastructure seems to be the likelier devil’s playgroun ...