Over the past few years, the concept of "zero trust" architecture has gone through a number of evolutionary phases. It's gone from being the hot new fad, to being trite (in large part due to a deluge of marketing from those looking to cash in on the trend), to passé, and now has ultimately settled into what it probably should have always been all along: a solid, workmanlike security option with discrete, observable advantages and disadvantages that can be folded into our organization's security approach...
For most organizations, COVID-19 has been a literal transformative agent. Our organizations have almost overnight gone from environments where teleworking was an exception, to where it's the norm. We've gone from selective, partial externalization of key services, to near-total externalization. We've shifted from BYOD being accepted -- though perh...
Warren Buffett once said, "Only when the tide goes out do you discover who's been swimming naked." You can cover over a host of sins when times are good, but bad or unsafe practices will be exposed when times are rough. Time and experience have borne out how accurate this witticism has been in the financial arena -- and we're now seeing how it can be...
As I write this, two things are happening simultaneously: The RSA Security Conference is in full swing and so is COVID-19 (coronavirus). It's a strange juxtaposition. There is geographic proximity in that the conference is going on undeterred just a few blocks from where the mayor declared a state of emergency (during the event) due to the ongoing spread of the virus.
As most security pros know, application containers -- Docker, rkt, etc. -- and the orchestration elements employed to support them, such as Kubernetes, are used increasingly in many organizations. Often the security organization isn't exactly the first stop on the path to deployment of these tools. (If it was in your shop, consider yourself one o...
If you're like most security pros, chances are pretty good that you're starting to get frustrated with microservices a little bit, or maybe a lot. Microservice architectures -- that is, architectures that leverage REST to build a number of small, distributed, modular components -- are powerful from a software architect's point of view. Want to ma...
If you've ever played chess, you know that each move you make has to be the best move. At one level, this is painfully obvious -- after all, who would choose to make a terrible move instead of a better one? -- but it's illustrative of an important concept. Specifically, the core reason it's true is that each individual move in a game like chess c...
They say that the key to good security is constant vigilance. As a practical matter, this means that it's important for security and network pros to pay attention to two things: changes in the threat landscape, so they can be on the alert for how their systems might be attacked; and changes and developments in the technologies they employ. It's i...
We all know that communication is important. Anyone who's ever been married, had a friend, or held a job knows that's true. While good communication is pretty much universally beneficial, there are times when it's more so than others. One such time? During a cybersecurity incident. Incident responders know that communication is paramount. Even ...
In IT, we've been hearing about the "cybersecurity skills shortage" for a few years. There is no shortage of statistics and data about it: More than 70 percent of participating organizations reported being impacted by the skills shortage, according to the ESG/ISSA research report, "The Life and Times of Cybersecurity Professionals 2018." Likewise, more than half (58 percent) of the organizations surveyed for ISACA's 2019 "State of Cybersecurity" report acknowledged unfilled cybersecurity positions. The majority of those (62 percent) were expected to take three months or longer to fill (of those, 32 percent were expected to take longer than six months to fill). ...
Following a natural disaster that causes property damage to businesses and homes -- say a hurricane, fire or flood -- how often do you hear suggestions that the victims were at fault for their misfortune, or that they could have done something to prevent the event from occurring in the first place? Not often, right? We all know that events like that are possible. We plan around those possibilities, and we don't blame the victims when they happen. ...
Cybersecurity has been becoming a larger and larger concern for organizations. Nowadays, most organizations -- regardless of size, industry, location, or profit vs. nonprofit status -- find themselves directly or indirectly impacted by cybersecurity. Even though the topic itself is increasing in importance, it remains a truism that many smaller ...
Let's face it, there's been a lot of hype about blockchain over the past few years. Nowadays though, there are signs that we may be on the cusp of moving from the "blockchain will solve all your problems" segment of the hype cycle into the "blockchain may be useful for a few targeted applications" segment. Yes, utility-based Darwinism is at work,...
Every child who's ever played a board game understands that the act of rolling dice yields an unpredictable result. In fact, that's why children's board games use dice in the first place: to ensure a random outcome that is (from a macro point of view, at least) about the same likelihood each time the die is thrown. Consider for a moment what woul...
There are times when looking at something narrowly can be more effective than taking a wider and more comprehensive view. If you don't believe me, consider the experience of looking at organisms in a microscope or watching a bird through binoculars. Distractions are minimized, allowing optimal evaluation and analysis of what's under investigation. ...
If you're a technologist, you've probably noticed (or have been asked about) a few new things associated with Chrome 68's release last month. One of the more notable changes is that it now uses a "not secure" indicator for any site not using HTTPS. So instead of providing a notification when a site is HTTPS, it now provides the user with a warning when it isn't. ...
If you're a cybersecurity practitioner, chances are good that you've heard the term "zero trust" over the past few months. If you attend trade shows, keep current with the trade media headlines, or network with peers and other security pros, you've probably at least heard the term. Counterintuitively, this large-scale attention from the industry ...