IT vs OT Security

When people talk about cybersecurity they are often talking about IT security, but there is also OT security. But what is the difference? Most people in tech know what IT is: the tech that handles information. The focus is on handling data: collecting, modifying or providing it. OT (Operational Technology), on the other hand, is focused on the tech that impacts the real world. An example could be a control system that manages the indoor climate in an office....

February 26, 2022 · 2 min · Oskar Edbro

Decision-Making in Security

As in all fields, there are lots of decisions that have to be taken in cyber security. But how can we maximise our chances of taking the correct decisions? This question has many answers, but from my experience many of them boil down to information. To make the correct decision one needs to make an informed decision. But what information is needed, and how can we gather it efficiently?...

February 19, 2022 · 3 min · Oskar Edbro

A Look at Defence In Depth

Far too often organisations do all their security work on the few systems that are exposed to the internet. This might be acceptable when you begin the structured and ongoing work with security, but you should try to move on to defence in depth as soon as possible. Defence in depth is where you do not leave security to one layer of an application (or solution), but instead validate the security every step of the way....

October 31, 2020 · 5 min · Oskar Edbro

Handling Penetration Test Findings can be more than Vulnerabilities

In my years of working as an application security (appsec) penetration tester I’ve come to the conclusion that there is so much more value to be added than pure technical vulnerabilities. To deliver the most value you have to be willing and able to walk the extra mile. Before getting into what can be done to increase the value, let’s dig into the two most common types of vulnerabilities. Technical Vulnerabilities The technical vulnerabilities are the most common vulnerabilities we see....

September 19, 2020 · 4 min · Oskar Edbro

Humane Technology, or Ethics in Software Design

We live in a world where technology competes for our attention, especially on our smartphones. Apps do everything they can to get us to open the app, and not leave it. At least that’s how I feel: with endless newsfeeds, notifications and autoplay, it’s so easy to just open the phone and get stuck. The feeling is not new, but the thing that pinned it down for me was the book Zucked by Roger McNamee [1]....

September 2, 2020 · 4 min · Oskar Edbro