Wait, what is "proactive cybersecurity," exactly?

Most organizations take what you might call an active approach to cybersecurity, They’re prepared to do certain things once an attack happens. Or, they take a reactive approach, taking action after an attack is completed. A proactive cybersecurity strategy is about acting before any attack occurs; it’s a good cybersecurity posture of readiness.

Take a look at the policies, tools and practices that make up proactive cybersecurity measures.

Witchcraft in the shadow of Monte Alban

Amira and I went hiking with a friend near Monte Alban, which is a fantastic ruin and the site of the Zapotec capital for a thousand years or so. Our friend told us that the whole mountain is used by local witches, who come up at night and perform rituals at specific places. This one, he said, was the site of a fertility ritual. 

Why engineers should study cybersecurity

Engineering and cybersecurity are two distinct disciplines, each demanding its own rigorous education and training. But should there be crossover? Should engineers or engineering students invest in cybersecurity education as well? What are the opportunities for engineers to gain expertise in protecting against threat actors in the software realm?

As the world becomes more complex and the use of cyberattacks grows, the world of cybersecurity benefits more and more from engineering expertise, and vice versa. Here’s why.

Why I own plates made in “occupied Japan“

My sister yesterday gave me a box of these plates, which belonged to our grandmother, who died nearly 10 years ago. The imprint on the bottom says they were made in occupied Japan.

During World War II, my grandparents had a friend, a Japanese American who had a farm that grew greenhouse flowers. They lived in Long Beach, California.

When troops came to drag their friend and his family to an internment camp, my grandparents bought his farm for one dollar. After he was released, they sold it back to him for one dollar after having taken care of it during his internment.

Later, the friend went back to Japan to visit relatives and upon his return gave these plates to my grandparents. 

I wonder why they labeled them as “occupied Japan,“ instead of just “Japan.“

What I wrote about Steve Jobs on the day he died 10 years ago today

When Steve Jobs died I was moved to write this piece for Cult of Mac about what Steve Jobs meant to Silicon Valley. An excerpt: 

"Steve Jobs’ career is the gold standard for how to launch a startup, how to invent a product, how to give a presentation, how to market consumer products, how to design a web site, how to design anything, how to develop and build products, how to build a company, how to create a retail experience, how to create a development ecosystem and above all, how to create passion in the hearts of users. He always gave Apple fans everything they wanted. And then one more thing.

Everybody in Silicon Valley is trying to do what Steve Jobs did. But Jobs was the perfect person at the perfect time in the perfect place to accomplish what he did in his incredible life. He can never be equaled.

Steve Jobs was born and raised a child of Silicon Valley. But he died in a Silicon Valley that was in many ways a child of Steve Jobs."

Read the rest

I just finished the original "Pinocchio" last night and it was amazing: dark, mysterious, magical and violent

The Adventures of Pinocchio was written by Carlo Collodi in 1883. I just read the hardcover version with Robert Ingpen illustrations to my granddaughter, and we finished it last night. The original story is almost as random and bizarre as Alice in Wonderland. All the animals talk. In this scene, the "monkey" is a judge that sentences Pinocchio to prison for being the victim of a crime. The fairy dies and takes different forms. Pinocchio murders the cricket in the first scene where he appears, but he reappears alive. As with most Victorian-era children's stories, it's designed to be instructive to children: Be obedient to your parents and work hard in school, or your life will come to devastating ruin. In general, the story is totally bonkers, but highly recommended. 

Mike's List: Amazon’s Astro takes surveillance capitalism to the next level

Well, they did it. Amazon announced a home robot, as rumored.

Amazon’s Astro is priced at $999.99 for the invitation-only promotion, which you can request. The actual retail price will be $1449.99.

The Astro is described by some as essentially an Amazon Echo Show smart display on wheels. But that description fails to capture what a radical product this is.

In addition to wheels, they added artificial intelligence navigation and a host of sensors — plus the mission to use your home’s WiFi connection to upload much of that data to Amazon’s servers for “processing” and indefinite storage.

I predicted back in April that this product would be a bad idea. Now that Amazon has announced more details, I’m still convinced of everything I wrote.

Here’s what Astro can do. The robot can carry or deliver things around the house; a bin can be converted into two cup holders for schlepping up to 4.4 pounds of whatever.

The Astro can be used for video calls; the 12-megapixel camera sits at the end of a telescoping pole that raises the camera to a height of 42 inches. The base unit has two speakers.

Astro integrates with Amazon’s Ring doorbell and security system, as well as a service called Alexa Guard, which detects the sounds of breaking glass, smoke alarms and other sounds that may signal an emergency situation. If Astro detects a “stranger” in the house — someone not recognized using face recognition, it will follow that person around the house. (As a security tool, the follow-the-intruder feature is easily defeated when there’s more than one intruder or when a burglar drop-kicks the Astro across the room.)

The robot returns to its charging bay to charge itself, much like a Roomba does. It can “patrol” the house on a schedule, checking for motion. It will follow you around like a hungry dog if you tell it to. A feature called “hangout” prompts Astro to stay near where people are in the home (“in case it’s needed”), unless someone says “Astro: Go away.”

The two-foot tall Astro contains cameras and sensors that create a 3D map of the inside of your house. You can name the rooms, so later you can tell Astro using voice commands to go into specific rooms. It uses face recognition, so it knows who’s in your house. (It will only recognize users who explicitly register their faces with the device.)

In short, the Astro duplicates other Amazon products and, beyond rolling around, doesn’t do anything for users that can’t already be done by other Amazon products.

And I predict that rolling around will be a problem. Sure, the Astro can easily navigate the fake homes in the Amazon promotional videos — clean, dry wood floors and tight, low carpets. I doubt it will fare well in real homes, with toys and laundry on the floor, thick throw rugs and other real-life obstacles. It can’t go up or down stairs, or outside. It can’t go over bumps or level changes in a house. Despite the AI hype, it almost certain will get flummoxed over navigational issues.

The other user “benefit,” is cuteness. It’s designed to simulate a pet, to some extent.

Astro’s “eyes” are just animated images on a screen, which at launch may convey limited information by blinking and expressing cartoon emotions, but which could be software-upgraded in the future to show more facial expression and intentions. The robot also turns its head constantly to feign consciousness and to anticipate turns. Amazon designers worked hard to give Astro a simulated “personality.”

Unfortunately, Astro’s “personality” is really just a spoonful of sugar to make the surveillance capitalism go down.

Subscribe free now!





How to build a vulnerability management program

As businesses grow, so does their attack surface: more network-connected devices drive innovation and efficiency, but with more devices comes more cyber risk. Protecting the ever-expanding attack surface is more important than ever, with high-profile vulnerabilities being exploited more frequently—and with more impact. One of the most effective ways to mitigate cyber risk is by creating and maintaining a robust vulnerability management program.

12 reasons why you should hire a hacker

You’ve probably heard the phrase “you don’t know what you don’t know.” It’s a stage of learning most people find themselves in at one time or another. When it comes to cybersecurity, hackers succeed by finding the security gaps and vulnerabilities you missed. That’s true of malicious attackers. But it’s also true of their equivalent on your side: a certified ethical hacker.

A certified ethical hacker can be one of your best specialists for protecting against threat actors. Here’s why

How to build a winning resume

Career advancement is an art form with many facets. One vital tool is your cybersecurity resume, the quality of which can mean the difference between getting an interview for your dream job and not being considered at all. 

Following the standard advice on building a resume will give you a standard resume that won’t set you apart from the pack. Fresh thinking will give your resume a huge advantage. This is true whether you’re an entry-level candidate or applying for a chief information security officer (CISO) position, whether you’re building a security analyst resume or a security administrator resume. 

Yes, it’s important to pay attention to the do’s and don’ts of smart resume building. And, yes, there is a cybersecurity skills gap. But to make your resume stand out from the pack, you’ll want something new and different. Here are some great ideas for building a winning cybersecurity resume for those just entering the field, for the most seasoned veterans and everyone in between. 


Why cyber security demands that nothing and nobody is trusted. Ever.

The zero trust model is going mainstream, and for good reason. The rise in advanced attacks, plus IT trends that include the move to hybrid cloud and remote work, demand more exacting and granular defenses. 

Zero trust ensures verification and authorization for every device, every application and every user gaining access to every resource. This is a complete departure from the old model, where implicit trust was the norm and networks were protected by firewalls, VPNs and web gateways.

What we need now is a cultural pivot — a paradigm shift in how we think about digital defense. A zero trust model is dynamic and constantly changing. After your system verifies the user and device and assures minimum access, it’s vital to monitor, learn and adapt. That means zero trust is a growing, adaptable process.

Here’s what you need to know about zero trust, and why in today’s cybersecurity threat landscape, it’s really the only way to go



Why we don't need laptops or phones anymore

The tablet is a provocative beast.

Make a big one, and people argue over whether it could replace a laptop. Make a small one, and some users want it to be a giant phone. These conversations have repeated themselves since then-CEO Steve Jobs announced Apple’s ground-breaking iPad in 2010.

It was a pointless conversation at the time. Only the most dedicated tech nerds with specific kinds of work could even contemplate a stunt like replacing a phone or laptop with a tablet. Despite all the talk, few even attempted it.

Neither the world, nor the tablets, were ready — so the iPad and other tablets were relegated to lean-back, content-consumption device status.

But suddenly, the idea of actually using a tablet as a work laptop or a tablet as a work phone makes sense for some users, and is possible for most. This is especially true with either this year's 12.9-in. iPad Pro or the new 8.3-in. iPad Mini 6 unveiled this week.

Here’s why tablets can replace phones and tablets now. 

8 surprising ways remote work helps business

The rise of remote work is arguably the biggest change in how we work since the introduction of the networked PC. Yet so many unknowns remain.

When will pandemic-mandated remote work end? We don’t know.

What percentage of those now working from home will return to office work? We don’t know.

Is remote work, on balance, good for business? Or bad? Nobody agrees.

But we have learned a great many things about not only remote work, but office work, too — and the whole way business has been conducted in the past few decades. Because of what we’ve learned, business will function far better in the future.

Here are the eight ways remote work improved business by teaching us how to work together better.

Sorry: The iPhone 13 probably won’t connect to satellites

A smartphone connectivity revolution may be upon us, and I’m not talking about 5G.

In fact, 5G is a bit of a mirage — or, at least, it doesn’t offer what the public thinks it does. If you buy a 5G-enabled phone, it won’t connect to 5G networks unless you find yourself in a rare urban space within range of a 5G base station without the obstructions that limit its access. And even if you are within range, your phone won’t kick over to 5G mode unless you’re doing something super intense. Also: For some people using some carriers in some circumstances, available 4G is actually faster than 5G.

It’s complicated. But the bottom line is that for most users, 99% of the time they spend on their 5G phone will take place over 4G networks.

Satellite connectivity is a bit of a mirage, too. The worst thing about satellite phones is the very high price of a satellite account, and the high price of phone calls and other services. The other downside is that you can’t use satellite phones indoors. So hardly anyone has a satellite phone or mobile satellite service. It’s just not practical for most people.

But the big news that hit today: Apple’s next iPhone could actually be a satellite phone.

Ming-Chi Kuo, who has a solid track record of predicting Apple products and features, said recently in a letter to investors that Apple’s iPhone 13 (expected next month) will support satellite connectivity. 

Here’s what’s really going on.

(Check out the free version of Mike’s List here.)