Security Duct Tape

Building a DIY Voice Satellite for Home Assistant Pt. 1

2024-08-19 21:52:00 +0000

Intro


Top of Mind...just stop.

2023-05-23 14:37:00 +0000

I’ve often said that security, in this case information/cyber security, is part technical acumen and part psychology. Sure, there are other concepts that get sprinkled in such as budgeting, presentation skills, etc., but broadly speaking I believe technical knowledge, whether hands-on or conceptual, and the psychology of risk and security cover it. Along these lines, I have often found myself asking organizations how they view security. Is security considered a necessary evil and just another cost center? Is it considered the “Department of No”? On the flip side, is security viewed as an asset, value-add, and revenue defender? The answers I get are very telling and often change depending on which level in a company’s hierarchy is answering the question. However, there is one catch phrase that stands out that immediately signals, at best, an exaggeration, and at worst outright dishonesty:


Setting Up a Yubikey for Git Signing

2023-04-26 16:45:00 +0000

One of the many hot topics of late is supply chain security. In the interest of having security be a part of the equation as early as possible, or “shifting security to the left”, ensuring the integrity and identity of who is committing changes to your internal code bases is critical. Whether you have internally developed applications and microservices or just infrastructure-as-code repositories, ensuring only authorized users are making changes is a key component of securing your internal supply chain. One great way of doing this is by requiring contributors to cryptographically sign their commits via GPG and hardware tokens.


Why Duct Tape?

2023-04-18 21:19:00 +0000

It probably makes sense to discuss why I called this “Security Duct Tape”. When looking at technology solutions, there seems to be a desire for magical fixes. A single remedy to today’s problems. We’re bombarded with marketing slogans like “Ransomware=Solved!” and products that claim to fix things like data breaches, data leakage, compliance, network gnomes, and coronal mass ejections. None of these things have been fixed (pesky gnomes), but worse than that, it creates a mindset that the next product will finally be the thing that fixes all of the things.
