Articles by David Sheidlower


January 24, 2017

By David Sheidlower
Global Media and Advertising CISO

In this series I take a close look at the Framework for Improving Critical Infrastructure Cybersecurity which NIST first published in February of 2014. Read Part One 'All Infrastructure and the NIST Framework' and Part Two 'Hackers Are Not Afraid of Frameworks.'

There I was preparing part 3 of my close reading of the 2014 Framework for Improving Critical Infrastructure Cybersecurity from NIST and then I realized it was almost three years old. Soon, it will be under a new administration and version 1.1 is due for release anytime. 


July 11, 2016

By David Sheidlower
Global Media and Advertising CISO

Is that news?  No, of course it isn’t.  In fact, deterrence (fear) may seem like an odd concept for cybersecurity. Arguably, except for highly visible physical access controls, virtually all other cybersecurity controls are designed to keep an incident from happening (i.e. protective/preventive) or detect and then respond/recover when it has. 


June 15, 2016

By David Sheidlower
Global Media and Advertising CISO

Each infrastructure is critical to someone.  Go ahead: ask a CIO if they are in charge of something other than “critical infrastructure” and see what they say.  In fact, the increasing criticality of all aspects of infrastructure underlies all our assumptions about security and privacy.  


March 29, 2016

By David Sheidlower
Global Media and Advertising Company CISO

I tell users all the time “Forget everything you learned in Kindergarten.”  It always gets a laugh, gets their attention and gets my point across.  

It’s not nice to share (your password).  Secrets are really ok (your IP address).  Not only should you not take candy from strangers, you should not take strange candy from people you know (probably a phishing attack).  


January 11, 2016

By David Sheidlower
Global Media and Advertising Company CISO

In August of 2010, Huping Zhou who had served as a researcher at the UCLA School of Medicine and had since been terminated, was sentenced to jail time for inappropriately looking at the medical records of his immediate supervisor and some notable celebrities including Drew Barrymore, Arnold Schwarzenegger, Tom Hanks, and Leonardo DiCaprio. 


November 16, 2015

By David Sheidlower
CISO Global Media and Advertising Company

Focus is over-rated when you’re starting out.  The original idea for my presentation at The Privacy & Security Forum in Washington, D.C. was to talk exclusively on how security controls relate to the frameworks that sweep them up and organize them.   It was to be “how controls become a framework” in the spirit of the grammar school lesson “how a bill becomes a law.”

It ended up rather differently.  


October 28, 2015

By David Sheidlower
CISO Global Media and Advertising

Privacy folks and security folks were finally intermingling by design and not by accident or through one or the other being adventurous.  I’m a huge proponent of the two being intermingled (my post Security and Privacy walk into a bar is an example).

So I was glad to attend the inaugural Privacy & Security Forum hosted at George Washington University and organized by Drs. Daniel Solove and Paul Schwartz. "The Privacy + Security Forum went incredibly well in Year One.  We had amazing presenters, an impressive audience, and an exciting exchange of ideas at sessions," Schwartz said.


July 7, 2015

By David Sheidlower

The original series was written in a frenzy.  Aggregating is the inverse of broadcasting.  Aggregation is biased towards anonymity. Being the subject of a data point is a matter of immediate experience.  Cohorts choose people more than people choose cohorts.  And so on.  

Frenzies have a welcome feature: the simultaneity of both focus and chaos.  Which means that while I noted some thoughts along the way in writing the series, I had neither the time nor the appropriate peripheral attention to get to them.


May 28, 2015

By David Sheidlower

It’s now commonplace to read that security means more than checking off boxes on a compliance checklist.  A robust approach to security includes trying to fill the gaps between the boxes.  I would argue that that argument has mostly been won.


April 22, 2015

By David Sheidlower

Distributed Denial of Service (DDoS) attacks are very inefficient but very effective.  Auditors are careful to be sure their findings are accurate so that they are not accused of being unfair to their subjects and so they maintain their reputation for impartiality.  Spammers expect a small number of hits for the millions of messages they send out. 

