
Tim Baeten, Director


Blogs from this Author

Application security assessment

The Importance of Threat Modeling

In the video linked below, I am joined by two cybersecurity experts from Ford Motor Company.  We discuss the value that threat modeling can bring to DevSecOps by moving things left (forward/sooner).  During the discussion, I mention drawing a picture of the process under review; this is explained in more detail in my post about […]

Creating a Data Flow Diagram

A data flow diagram (DFD) documents the path data takes throughout your process/system. It is important to document and keep accurate and updated. Part of the value of such a diagram is that it shows where data is crossing a trust boundary. For example, user input (low trust) from a web site crosses a boundary […]

Ransomware Attack Affects 23 Texas Local Government Agencies

In what appears to be a highly coordinated attack by a single actor, 23 local government agencies in the state of Texas were hit with ransomware. This extends the recent trend in which local government entities have been targeted, with some attacks leading to the attackers being paid millions of dollars via crypto-currency. A first line of […]

password manager

Here’s Why You Should be Using a Password Manager

I do not mean a notebook with handwritten passwords or even a spreadsheet.  I mean software designed specifically to generate and safely store your passwords.  We have all heard about sticky notes under the keyboard, or even worse on the monitor.  The current browsers can store your passwords for you and, assuming you have an […]

paas

Why You Should Think Before Taking That Quiz on Facebook!

Well, in a word, privacy! It’s very enticing when you get an invite from a Facebook friend to find out which “celebrity” you are, or taunt you to beat their high score. Please think twice before clicking (no truer words were ever spoken). Game makers often ask for your permission to access your friends as […]