Security Capabilities

Being Capable We talk a lot in security world. Most of the time we seem to talk about all the possibilities when we need to talk more about what we can actually do. What are we capable of doing? We do we need to be capable of doing? Being Capable with Capabilities When we want to talk with our partners, whether those partners are business-related, very technical or just your managers, you need some consistent way to describe what security does.

Ecstatic Over Static Passwords

Well maybe not ecstatic but it is pretty exciting that I have been carrying around a way to house a strong static password and didn’t even realize it. I have had a Yubikey for over a year now and have used it successfully with LastPass. A YubiKey is a handy USB or Near Field Communications (NFC) device that can generate a variety of authentication responses. The default is a One Time Password (OTP) that can be verified via a server running the Yubico software.

Architect from Hole in the Ground

Well maybe that is a little extreme but sometimes titles do seem to get twisted up especially in our title-laden world. My title Security Architect has the word Architect in it but how closely related is that to an Enterprise Architect? Are we second-cousins three times removed or are we just not related at all? The Roles It might make more sense to work through the main types of roles you might see on a daily basis.


Data breaches cost over $150 per record. An identity is stolen every 3 seconds. DDoS attacks are up over 43% this year alone. Some random statement on how poor most passwords are these days. Does this droning sound like what is driving your security program? Even though these facts are true they may not win the hearts and minds of your security decision makers. Everyone seems to have these facts these days so in a way they are becoming background noise.

Order of Things

Sequence Diagrams I am not a huge fan of traditional UML diagrams for long term documentation. Most diagrams are quickly rendered old and useless. There are times though when you need to convey the sequence of operations between several entities. It is hard to beat the Sequence Diagram for those situations. There are plenty of tools that let you build some very sophisticated Sequence Diagrams. I try to avoid spending more time building a Sequence Diagram than it would take to write the code behind the diagram.