How do you protect big data?

The secret to protecting big data isn’t to put it under a big tarp. Or to guard it with a big dog. No! The secret to protecting big data is encryption. And you don’t even need big encryption. Just regular encryption will do it. Information security is all about the basics: access control, authorization, confidentiality. […]

I’m Enterprise Security MVP for 2014

My Microsoft MVP-ness got renewed for the sixth consecutive year! I’ve been keeping busy. Check out my public MVP profile; it lists the technical community-oriented activities that have made me worthy.

Please welcome Jeff Sigman to JW Secure!

Our rock star technical team has just grown to include fellow ex-MSFT colleague Jeff Sigman! Jeff started at Microsoft in 1997 and spent most of his 16-year career in the Windows division focused on networking and security. His work can be seen in every major Windows release since Windows 2000 and included software development […]

Secure Endpoints, Secure Network at NYU-Poly THREADS Conference

Thank you very much to the NYU-Poly THREADS conference organizers for hosting the DARPA Cyber Fast Track presentations yesterday. It was an honor to be among the CFT awardees, and an honor to be on the THREADS list. If you missed my presentation and/or want to review the slide deck, it’s below. Secure Endpoints, Secure […]

Usability and threat modeling: two sides of the same coin

Usability and security are one of the classic tradeoffs in software design: it’s rarely possible to optimize both. But just like a fader on a mixing board, there’s an ideal balance. You just have to take the time to listen and find it. Want to learn more about how to dial in the usability and […]

Protect your data and keep the money flowing

I’ve written before about the importance of protecting data on the move in scenarios such as a traveling executive. Imagine the potential damage to reputation and future revenue if a laptop is left in the back of a taxi, and the hard drive is filled with acquisition plans, product source code, emails to the board […]

Building Plug-ins for Network Access Protection

The sample source code download link at the beginning of this MSDN article, Building Plug-ins for Network Access Protection, unfortunately became broken at some point along the way. You can find the source code here: Registry SHV/SHV reference code for NAP. Disclaimer: that code is not being maintained and has not been updated since the […]

Learning to trust machines, if only briefly

It’s easy to forget that, when we talk about authenticating users on the internet, the two ends of the connection are rarely humans. Instead, it’s one computer talking to another. And while your bank may trust its own servers, why should it trust that the user’s laptop is operating correctly on the user’s behalf? After […]

Strong Authentication Using Your Mobile Phone

Google has been doing it for years, and now companies ranging from 37 Signals to Microsoft are incorporating it into their cloud-hosted services: phone-based user authentication. Static passwords – the kind everybody uses to check their email, log into Facebook, etc. – are the weak link in online account security, and replacing them with […]

Using NSA Tradecraft to Protect Data on Mobile Devices

Congratulations to our fellow members at the Trusted Computing Group for a successful Trusted Computing Conference this week in Orlando. I presented Using NSA Tradecraft to Protect Data on Mobile Devices, and I understand from the conference organizers that the video recording and slides will be posted. Hope to see you next year, same time, […]