Akshay’s Uncertainty Principle: Observing Some Metrics Changes Them

You’ve probably heard of the famous Heisenberg Uncertainty Principle in quantum physics. It states: “The more precisely the position is determined, the less precisely the momentum is known in this instant, and vice versa.” (Heisenberg, uncertainty paper, 1927). This principle is related to the observer effect. In physics, the term observer effect refers to changes…


Note to Fannie Mae: Dealing with Logic Bombs

Today, it was revealed that a departing contractor left Fannie Mae with a parting gift – a logic bomb designed to take 4000 of the financial giant's servers & their data. Since this news broke, a number of concerned CIOs have asked my team for some guidance on how to deal with logic bombs. So…


Application Security Development Lifecycle 4: Finding the right security talent

After about an hour of nodding his head vigorously in agreement with some of our lessons learnt, my customer jumped up and exclaimed, "Great!! Now where do I find another 20 people like these?" (pointing to my team)… I thought about it a while, and so, Mr. B, here is your answer: Information security…


How Microsoft IT does Secure Application Development: Webcast

I will be discussing Microsoft IT’s approach to secure application development, with a special focus on how we integrate security into the IT line-of-business SDLC, in a webcast this Thursday, May 29th. This webcast will be part of Microsoft’s IT Manager Webcast series. This series aims to share deep knowledge focused…


Application Security Development Lifecycle 3: Funding Models

Now that you’ve decided (or battled) to set up an application security program, you realize that it actually needs to get funded. You must master the art of delicately drinking from the fire hydrant of line-of-business applications. In my experience helping organizations set up their application security programs, funding was perhaps the most…
