Gabriel Bassett
127 followers
Gabriel's posts

How to Handle Being Questioned
In my post, How to Converse Better in Infosec, I laid out some rules for better infosec discussions.  A key tenet of that blog post was asking questions.  But what if you are on the receiving end of that? To the questioned: When expressing a view, being q...

What is most important in infosec?
"To crush your enemies -- See them driven before you, and to hear the lamentation of their women!" Maybe not. Vulnerabilities Recently I asked if vulnerabilities were the most important aspect of infosec.  Most people said 'no', and the most common answer i...

Why Phishing Works
I've been asked many times why old attacks like phishing or use of stolen credentials still work.  It's a good, simple question.  We are fully aware of these types of attacks and we have good ways of solving them.  Unfortunately, there's...

How to Converse Better in Infosec
In a previous blog, I spoke a bit about what to do when the data doesn't seem to agree with what we think.  But what if it's not data you disagree with, but another person? We've grown up in a world where the only goal in a conversation is to simply be rig...

Do You Trust Your Machine or Your Mind?
Data science is the new buzzword.  The promise of machine learning is to be able to predict anything and everything.  Yet, it seems like the more data we have, the harder the truth is to find.  We hear about some data that doesn't sound right to us.  We ask...

The role of Pen Testing / Vuln Hunting in Information Security
Intro At a security conference, ask someone in attendance what they do.  More than likely they are a consultant, either doing penetration testing, vulnerability hunting or both.  Penetration testing and vulnerability hunting are mainstays of security testin...

Alexi Hawk's Impossible Data Set
As the author of the only unsolved puzzle in the DBIR Cover Challenge this year, I figured I should provide a bit of a write up.  I'll apologize to all of the cover challenge participants as it's quite literally 10 lines of code to solve, only two of which...

Hybrid Cybers
At the Women in Cyber Security Conference, someone posted a slide titled "The Rise of the Cyber-Hybrid".  The concept was that to advance and develop in cyber security, people needed multiple disparate skills (policy, law, regulatory, interpersonal skills...

Of Course the Network Diagrams are Bad!
As security professionals we know network diagrams are critical to providing security.  It's the top control in the SANS CIS CSC top 20 controls.  Yet, almost every organization we go to has network diagrams that are convoluted, out-of-date, missing things,...

Is Your Objective Risk Assessment Methodology Really Objective? Really?
Introduction I hear a lot about Risk Assessment Methodologies (RAMs) and making risk assessment objective these days.  Let me pass on some lessons learned in a previous attempt to make risk objective. Bucketing Most organizations that attempt to make risk o...