Security Awareness for Busy People

I am taking the wraps off of my first product ever: Security Awareness for Busy People. Those who know me know that I’m not the type of person to shout my accolades from the rooftops, so this is a bit out of my comfort zone right now. Regardless, I’m proud of my work and I want to share this with the world. Background As I mentioned, this is my first product ever. Throughout my career I have helped other companies build software, maintain secure systems, or train their employees to be better developers/operators/administrators. I have done this as both a full-time employee and as a consultant. I always have these ideas to create products and yet never deliver on them for a couple reasons: ...

March 2, 2020 · 9 min · 1892 words · Scott Brown

Brute-forcing Emailed PDF Paystub Passwords in 30 seconds

A recurring theme in my InfoSec career has been to expose people to how their seemingly-secure practices are actually very insecure. Today I will show one such practice that is quite common. The idea is insidious in that it lulls people into a false sense of security when it takes only a couple minutes to break. This is similar to the security awareness training I provide: I show the audience a physical lock that is heavy and has the words “Secure” engraved in it. Then I show how it can be picked in 8 seconds. Getting over this cognitive barrier – that something isn’t inherently secure just because it looks that way – is tough for people when they first encounter security. ...

May 17, 2019 · 5 min · 1017 words · Scott Brown