Brigadier General (retired) Gregory Touhill was the first federal CISO of the United States. Fresh from that role, he did an interview with the Information Security Media Group (ISMG) during a visit at RSA 2017.

I wrote about this before in a post called “Big Things and Small Things”. I documented how two very large companies failed to support Information Security in a corporate environment with even a basic level of accommodation. More came to light this week when reviewing Microsoft Exchange 2016...

As usual, we have the requisite Information Security Predictions for the coming New Year:

Jeff Harris, vice president of solutions for Ixiamp, sees a ramp up in weaponization of the Internet of Things (IoT) to carry out widescale DDoS attacks in 2017

James Carder, CISO of LogRhythm, predicts that in 2017 we could be in for a total shut down of the Internet for up to 24 hours

Lamar Bailey, senior director of security R&D at Tripwire, believes 2017 will see the return of the worm with IoT devices

Bruce Snel of McAfee sees IoT malware opening a backdoor into homes

From time to time, I like to compare and contrast the nascent Information Security profession with more traditional and established occupations. For example when I had lunch with a police officer friend and gave it some food for thought.

As recent events with the Democratic National Committee (DNC) being hacked solidify the fact that we cannot seem to secure anything connected to the Internet, one has to wonder if elections can also be hacked. The topic of “Hacking the Vote” reminds me of one of my favorite InfoSec security maxims; “high technology is often taken as a license to stop thinking critically”.

In the past, I wrote about Microsoft’s “Asimov” and how it appeared to be running on my Windows 7 machine. I was not participating in the Microsoft Customer Experience Improvement Program but a KB was loaded and producing errors related to that program. I describe such applications as Privacy Invading Technology (PIT).