Application Security Guest User Application Security Guest User

The Calculus of Threat Modeling

I have been designing secure and security products for 20 years. I always thought of this as “architecture” and it took me a long time to realize that a major part of what I was doing was threat modeling. There are many established approaches to threat modeling, but because I backed into the field, I had rolled my own. This post is to explicitly describe what I have been doing.

Read More
Alex Muentz Alex Muentz

Temporary Workarounds Shouldn’t Last Longer Than Permanent Solutions

You’ve got frustrated users, availability and confidentiality issues. All from a temporary workaround that wasn’t fixed when it was relatively easier. Welcome to technical debt and the interest is accruing. Where non-kludged systems can be patched and upgraded within regular service windows without the entire IT department on call, fixing this monster will require serious planning.  

Read More
Risk Advisory Alex Muentz Risk Advisory Alex Muentz

WannaCry as the Regulatory Brown M&M

If you were under a rock for the last few weeks, WannaCry is one of those cyber-security events that made it into regular news. If it hits NPR, that means everyone who knows me or at least strikes up a conversation at the bar will ask me my opinion.

Read More
Enterprise Security Guest User Enterprise Security Guest User

Roll for Initiative

I had the privilege of being at the Microsoft Security Response Center during the formation of their incident response planning. It’s a challenging thing to create as well as maintain. The concept of removing people from the equation and supplying a base level playbook is integral to the difference between a security incident bouncing bad or bouncing to a level where it can be handled.

Read More