Practical Cybersecurity, Part 2 – Expertise
ExpertiseIf we want to teach people to be cyber aware, they need expertise. But how much is enough? Do we want people to become security experts? Or just good enough to resist most types of scams?In...
View ArticlePractical Cybersecurity, part 3 – Experience
Whenever people learn new information, they do it in a way that fits in to their current experiences of how they view the world. There is a children’s book called Fish is Fish. The book is about a fish...
View ArticlePractical Cybersecurity, part 4 – Metacognition
MetacognitionA third technique that supports transfer is teaching methods that incorporate metacognition. Metacognition is “thinking about thinking” – understanding the reason behind a concept. For...
View ArticlePractical Cybersecurity, Part 5 – What should we teach?
What concepts should we teach?What topics are the most important ones for users to learn? There are so many possibilities that it is hard to narrow down to only a handful. If we only got to pick three,...
View ArticlePractical Cybersecurity, Part 6 – Bringing it all together
How young to start?Where should we teach cyber security? Should it be something that people learn on their own time? Or is it something that should be included into formal education?Paypal recently...
View ArticleTeaching consumers security habits
I thought I’d round out the year with a summary of Randy Abrams’ talk from Virus Bulletin entitled Teaching Consumers Security Habits from this past year’s 2012 Virus Bulletin Conference in Dallas, TX....
View ArticleOut of the office for a while
I’m out of the office for a while so there won’t be many updates to this blog in January, 2013. See you when I return!If you’re wondering where I am, here’s a clue:Yes, experts all say that you...
View ArticlePhishing infographic – how phishing works
A reader sent me the following infographic detailing how phishing works. Check it out:It contains statistics on the prevalence of phishingSome characteristics of phishing messages, and Some advice on...
View ArticleHanging around Buenos Aires
For the last bit of December 2012 and the first part of January 2013, my wife and I were traveling in Argentina and Chile in Patagonia, the southern part of the country. The final two days were spent...
View ArticleStill no blog posts this year
You may have noticed I haven't posted much this year. The reason is that I have been very unmotivated. I don't know why; I guess after six and a half years of writing I am running out of things to say....
View ArticleWhat I’ve been up to lately – my Kickstarter project!
As I wrote about a week and a half ago, I haven’t written a lot about antispam and security so far in 2013. But I haven’t been idle.No, instead I have been working on another project – launching a...
View ArticleGuest post: Lessons learned from the recent Mandiant report about APT1
Today’s post is a guest post from Megan Horner, Social Media Manager & Marketing Coordinator of trainACE. It is regarding a recent security report issued by Mandiant, entitled APT1: Exposing One of...
View ArticleWhat I’ve been up to lately
It’s been a long time since I have written anything on this blog. I haven’t been idle, though. I’ve been doing several things that I have prioritized over blogging. Here's a summary:Trying to get an...
View ArticleHow to set up your SPF records if you are outsourcing some, or all, of your...
I thought I would do a few posts on email authentication, specifically, how to ensure that you have good sending reputation and the proper way to set up your SPF records. In future posts, I plan to get...
View ArticleHow to set up your SenderID records if you are outsourcing some, or all, of...
In my previous post, I discussed how to structure email such that if it comes from a 3rd party on behalf of you, it will pass an SPF check.But what about passing a SenderID check?To solve this, we...
View ArticleHow to set up your DKIM records if you are outsourcing some, or all, of your...
In my last two posts on outsourcing your email, I explained how to set up your SPF records if you are outsourcing your advertising email, and how to set up your SenderID records if you are outsourcing...
View ArticleHow to set up your DKIM records if you are outsourcing some, or all, of your...
In my previous post, I described how you can set up DKIM records if you are outsourcing your advertising email to a 3rd party. In summary: You don’t have to do anything.However, this comes at the cost...
View ArticleHow to setup DMARC records if you are outsourcing some, or all, of your email...
In my previous posts, I discussed how to set up your SPF, SenderID, and DKIM records if you are an organization that outsources some of its email to a 3rd party, such as advertising. For example, an...
View ArticleHow to setup your DMARC records if you are outsourcing some, or all, of your...
Continuing on in our series on authenticating outsourced email, how do we outsource our email such that we also pass a DMARC check?First, decide if you want DMARC to pass via an SPF check or a DKIM...
View ArticleI don’t have to do anything and my credit card information gets breached
Yesterday, while reading a book on my Kindle app (on my PC), I got an email from American Express with the subject line “Fraud Protection Alert.”“Fraud protection?” I said (out loud, to no one in...
View Article