Synopsis
Daily-ish (M–F) musings about security and privacy and how they impact our communities. What questions should we as technologists be asking as we build?
Watch the show at https://4mn.ca/mwm-video
Episodes
-
Google+ & Infrastructure Monitoring
11/10/2018 Duration: 05min
Google recently conducted a complete security & privacy review of various APIs associated with Google+. The result? The service is shutting down and they found a vulnerability. Did they take the proper steps in disclosing the issue?
-
Evidence, Accusations, and Motivation
09/10/2018 Duration: 07min
With the Bloomberg report on hardware hacking looking more in doubt, more and more politics are coming into play. Anytime you evaluate news, it's important to look at things objectively. Here are a few tips around evaluating cybersecurity news.
-
Bloomberg, Supermicro, and Hardware Supply Chain Attacks
05/10/2018 Duration: 06min
Bloomberg has an absolutely earth-shattering report citing a hardware supply chain attack that—they say—impacted several big names. Here's why this type of attack is so difficult to defend against but also near impossible to execute.
-
Following Up On Tough News
04/10/2018 Duration: 05min
Reflecting back on my keynote at SecTor in Toronto where I delivered some tough news to a roomful of security professionals. Here's what worked and what could've been better!
-
How To Deliver Tough News
03/10/2018 Duration: 04min
Sometimes you have to deliver really bad news. It's not your fault, but you're the one on the hook. How do you deliver it? How do you deliver it without getting mired in the downside?
-
National Cybersecurity Awareness Month
02/10/2018 Duration: 06min
October is National Cybersecurity Awareness Month (#NCSAM). Look for tons of great content online as the community comes together—globally, not just nationally—to try and raise awareness of cybersecurity and privacy issues.
-
50 Million Facebook Accounts Hacked?!?
01/10/2018 Duration: 07min
50 million Facebook accounts were hacked. Facebook responded quickly to the issue but could've done better communicating throughout. Here's what you need to know about the hack.
-
Facebook, Shadow Profiles, & Data Brokers
28/09/2018 Duration: 06min
A recent study proved that Facebook uses more information about you than you realize. Behind the scenes, Facebook compiles "shadow profiles" from various sources in order to better target ads... anyone surprised?
-
End-to-end Encryption & WhatsApp
27/09/2018 Duration: 04min
In the recent dust-up with the founders of WhatsApp, you might have heard the term "end-to-end encryption". What is it? What does it mean for you? Why was it frustrating efforts to data mine and monetize WhatsApp?
-
Amazon Alexa Everywhere
26/09/2018 Duration: 07min
Amazon announced a host of new "Alexa enabled" devices last week. What are the implications for your privacy at home?
-
What Do You Look To Get Out Of Conferences?
21/09/2018 Duration: 05min
Conferences are usually jam-packed with great content. So much so that it can be hard to prepare for them and get the most out of them. What do you look for in a conference? How can I help?
-
Security Is A Quality Issue
18/09/2018 Duration: 05min
Security is a quality issue. Except we don't treat it that way and that's costing us dearly.
-
The Basic Basics
17/09/2018 Duration: 05min
With the initial set of cybersecurity basics segments done, I think it's worth moving to a "basics" basics series. The goal would be to help everyone understand how the internet works, how email is structured, etc. Thoughts?
-
Cybersecurity Basics #12 - Bolt-on vs Built-in
14/09/2018 Duration: 07min
Built-in security is always best. That's "security by design" but when that fails (due to mistakes, oversight, humans), built-in security steps up...or, um, in.
-
Cybersecurity Basics #11a - Risk Assessments Redux
13/09/2018 Duration: 07min
In your personal life you're assessing risk constantly whether you know it or not. In the digital world the same thing happens BUT you probably don't have the required context to make an informed decision.
-
Cybersecurity Basics #11 - Risk Assessments & Pen Tests
12/09/2018 Duration: 07min
Risk assessments are useful when kept in context and continually updated. A penetration test (or pen test) is when your system undergoes a "friendly" attack with the idea of finding issues before cybercriminals do. Together they are a strong set of practices to help your defences.
-
Cybersecurity Basics #10 - Personally Identifiable Information
07/09/2018 Duration: 06min
Personally identifiable information (PII) and Personal Health Information (PHI) are critical concepts. They help identify information that needs additional safeguards and care.
-
Cybersecurity Basics #9 - Attack Attribution
06/09/2018 Duration: 05min
Who did it? It's a powerful question and the answer to "What is attack attribution?"
-
Cybersecurity Basics #8 - Authentication, Authorization, & Need To Know
05/09/2018 Duration: 07min
Authentication and authorization are two critical concepts that are intertwined. Understanding the difference and their purpose is key to understanding cybersecurity.
-
Cybersecurity Basics #7 - Hackers & Cybercriminals
04/09/2018 Duration: 05min
Hackers and cybercriminals are all "malicious actors". While you may not know who is attacking a system, having a better understanding of common motivations is important.