O'Reilly Security Podcast - O'Reilly Media Podcast



Security insight and analysis.


  • Jack Whitsitt on the need to band together to make security better for everyone

    08/06/2016 Duration: 24min

    The O’Reilly Security Podcast: Language as a uniter (or divider), the illusion of control, and how security is made of people.

    In this episode, I talk with Jack Whitsitt, senior strategist at EnergySec. We discuss the ways in which language can either divide or unite people and organizations, the illusion of control when it comes to security, and how any model or framework for security must include people in order to have any chance of success. Here are some highlights:

    Language can unite (or divide)

    I think language is a huge, huge part of our cyber security problems faced right now. You can get people in a room, and they're using the same words, but meaning different things. They're not actually effectively making their world a better place. “Cyber” versus “information” security is something I talk about a lot. When you look at it, it's unhelpful to say, "Well that word doesn't mean what you think it does," and to kind of ostracize that set of thinking from your world view. If we

  • Allison Miller on the need for defenders to step out of the shadows and share their stories

    26/05/2016 Duration: 37min

    The O’Reilly Security Podcast: Risk as an emergent property of complex systems, the downsides of security by obscurity, and the new O’Reilly Security Conference.

    In this inaugural episode of the O’Reilly Security Podcast, I talk with Allison Miller, a product manager at Google and my co-chair for the new O’Reilly Security Conference. We discuss her evolving understanding of the nature of risk and fraud in complex systems; the role of humans in technical systems; the cultural downsides of security by obscurity; and the new conference we’re putting together, which is squarely focused on helping defenders.

    Here are some highlights from our conversation:

    Emergent risk in complex systems

    Early on, I thought of risk as this very vague thing, which I still do. I thought of it as misconfigurations that could be exploited or bugs that could be exploited, that sort of basic thing: something is set up wrong and then someone can abuse it. As I was studying, I started thinking it is really more l

  • Ari Gesher and Kipp Bradford on security and the Internet of Things

    03/12/2015 Duration: 44min

    The O’Reilly Hardware Podcast: Evolving expectations for privacy.

    In this episode of our newly renamed Hardware Podcast, I talk with Ari Gesher, engineering ambassador at Palantir Technologies, and Kipp Bradford, research scientist at the MIT Media Lab.

    Gesher is the co-author of The Architecture of Privacy: On Engineering Technologies that Can Deliver Trustworthy Safeguards. Bradford is co-author of Distributed Network Data: From Hardware to Data to Visualization, and he's spoken twice at Solid.

    Discussion points:

      • The difference between security and privacy
      • Ari's notion of what it means to be "polite" in a world where everything is recorded
      • The need and rationale for standards and protocols for IoT devices

    Links to stuff mentioned in this episode:

      • The Heartbleed security bug that appeared in OpenSSL
      • The Justine Sacco Twitter incident
      • William L
