Interesting Links
Categories
Books
A list of all recommended books
Sites
"Heavily outmatched by asymmetric adversaries, our security teams have no way of training, checking their procedures, and stress testing their ability to cope with the realities on the ground."
"We make bags and accessories for people who are going places."
"Establish baselines. Look for anomalies. Have a plan."
"Founded in 2002, Mk II exists to re-imagine inspirational ideas, designs, and concepts from the past. Some lost to history, some before their time, and others taken for granted by the present day that are waiting for renewal. "
"A peek inside my random interests and gear hacking projects — a collection of thoughts, ideas, and whatever catches my attention."
"Unconventional security for an urban environment."
"Badass Israli Tactical Knives."
Blogs & Podcasts
"Protection Circle primarily discusses corporate sector surveillance detection and covert protective operations, but also covers various subjects in the fields of intelligence, private security, executive protection and terrorist activity prevention."
"The Business of Security is designed to share lessons learned over the last 15 years running a security consulting practice."
"My objective in writing these articles was to share the knowledge and experience I’ve gained working in the field of travel security for the past 22 years. The process of writing also helps me explore the topics I’m interest in more deeply."
"The intel that informs my day. A curated list of interesting content covering cyber, security, espionage, history, and whatever else is cool"
"Urban Commuter was born out of this experience. In this site, I'll try my best to talk about what I have learned, how I approach blending in with the environment in order to be safer, and what gear might be best to remain nimble and move fast."
"Learning to read universal signs of human behavior allows you to confidently make sense of situations, identify a person’s intentions, and get left of bang."
"Discreet services for clients with a global remit."
"Spartan9 offers expert assistance to help your organisation operate safely, securely, and successfully in complex environments. We specialise in four practice areas: crisis management, travel security, security evacuations, and intrusion testing."
Security
The Six Dumbest Ideas in Computer Security (2005 and still very relevant today)
"Let me introduce you to the six dumbest ideas in computer security. What are they? They're the anti-good ideas. They're the braindamage that makes your $100,000 ASIC-based turbo-stateful packet-mulching firewall transparent to hackers. Where do anti-good ideas come from? They come from misguided attempts to do the impossible - which is another way of saying 'trying to ignore reality.'"
"We still have plenty of open problems in information and cybersecurity (InfoSec). Many of these problems are what could easily be classed as “hard” problems by any measure. Despite progress, more research is needed here. While there is much academic, government and private sector sponsored research underway I wonder if some alignment between all these efforts to focus on a smaller set of foundational problems would be more fruitful. The challenge is to agree on what these are."
Why Bloat Is Still Software’s Biggest Vulnerability
"The way we build and ship software these days is mostly ridiculous, leading to apps using millions of lines of code to open a garage door, and other simple programs importing 1,600 external code libraries—dependencies—of unknown provenance. Software security is dire, which is a function both of the quality of the code and the sheer amount of it. Many of us programmers know the current situation is untenable. Many programmers (and their management) sadly haven’t ever experienced anything else. And for the rest of us, we rarely get the time to do a better job."
The 4th in the 5th: Temporal Aspects of Cyber Operations
"Time is no one’s friend. In the long run we’re all dead, but let’s narrow the perspective and examine how time impacts cyber operations."
10 Red Teaming Lessons Learned Over 20 Years
"I’ve been a red teamer for twenty years now, perhaps even longer, but I didn’t know what to call it until 1995 when I started working with the Department of Defense. I’ve also been fortunate to participate in or lead hundreds of red teams within many divergent disciplines ranging from strategic and tactical cyber to physical security threats like infectious diseases or nuclear power plant targeting to more abstract items like Joint Operating Concepts."
Ignore the Penetration Testers
"There are a lot of people generating a lot of text about cyberwar, cyberconflict, cyberweapons, cyber everything. They are, for the most part, completely wrong. I firmly believe that a technical background, particularly a security background, is critical to understanding the fifth domain (you guessed it: cyber.) But technical chops are not enough, or even necessarily a prerequisite, to speaking with authority on the subject."
"Proper Planning and Preparation Prevents Piss Poor Penetration"
Controlled Chaos: The Inevitable Marriage of DevOps & Security (PDF)
"Software is eating the world. DevOps drives its devouring. Infosec has a choice: marry DevOps or be rendered impotent & irrelevant"
Protecting Information in the Field
"Practical and actionable techniques you and your organisation can apply to protect information when operating in higher-risk environments."
Strategies Against Hostile Surveillance
"Surveillance, as I’ve previously explained, is a wide, deep and varied field, which in turn means that the strategies against it are no less wide, deep and varied. And though there are endless ways of looking at this field, and endless categories, subcategories and combinations of categories, in order to properly discuss this subject, we simply must start at some fundamental point."
Lessons from Physical Intrusion Testing: Exploiting Poor Security Design
"How do you bypass a door fitted with alarm sensors? How do you avoid detection by Passive Infrared (PIR) sensors? While interesting problems to solve, such an approach misses the fact that many facilities are inherently vulnerable simply as a result of poor security design."
Security Architecture Anti-Patterns
"This security paper describes some common patterns we often see in system designs that you should avoid. We'll unpick the thinking behind them, explain why the patterns are bad, and most importantly, propose better alternatives."
General Knowledge
"A 'Mattis Way of War' is postulated in the conclusion which draws from his use of history, commander’s intent, and leadership to build up a capacity, or potential energy, for action in his unit. Once built up, he unleashes this energy utilizing explicit trust in his staff and subordinates."
Understanding Complex Problems
"The more that you can understand a complex problem, the more you can understand your options in tackling it."
"Let's say you were employed as a CTO behind the front lines and you wanted to destroy productivity for as long as you can without getting caught. You can of course make a series of obviously bad decisions, but you'd get fired quickly. The real goal here is to sap the company of its productivity slowly, while maintaining a façade of plausibility and normalcy. What are some things you can do?"
How to disappear, Grant Rayner
"How you can better blend in to your environment to reduce the risk that you may be targeted by criminals, kidnappers, or terrorists."
"Why doing hard things can transform us, and how to navigate challenge better."
"...they showed the fear, awe, envy and resignation typical of people in varying forms of competition who are suddenly faced with the realization that someone nearby is in a slightly different and better class than they."
Antifragile Planning: Optimizing for Optionality (Without Chasing Shiny Objects)
"How do you retain optionality without running around chasing shiny objects? How do you focus on something long enough to make meaningful progress without myopically locking yourself in?"
"What’s your problem? I think I know. You see it in the mirror every morning: temptation and doubt hip to hip inside your head. You know it’s not supposed to be like this. But you drank the Kool-Aid and dressed yourself up in someone else’s life."
"This is a recipe. Some ingredients are hard to come by, and even more difficult to prepare..."
10 Hotel Safety Tips from a Former Intelligence Officer
"Throughout my career, I have checked into my fair share of hotels around the world, and whether I am traveling on business or for pleasure, I am always conscious of the fact that hotels are a target for criminals, terrorists and the mentally unstable (think stalkers)."
Interesting Misc. Things
Concise explanations accelerate progress
"If you want to progress faster, write concise explanations. Explain ideas in simple terms, strongly and clearly, so that they can be rebutted, remixed, reworked — or built upon."
"Have you ever asked a person a question where there is an unnatural delay in the response? It’s unsettling. You’re left questioning if the person heard you, if they understood, or if they’re just ignoring you. People expect a response in a certain amount of time, otherwise things get weird. The same can be said with peoples’ expectations of software. When they click a link, they expect the page to load within a certain amount of time. When they tap a button, they expect an immediate response. Otherwise things get weird. Speed needs to be a core tenant of software design in order to make good on that contract."
Amateurs obsess over tools, pros over mastery
"Anyone who posts silly lists like "15 AI tools you can't miss" is truly the one who is lost"
Minimalism and the Art of Photography
"Embrace the freedom of limitation"
How a Bedouin Tracker Sees the Desert
"On a seemingly blank, sandy canvas, signs and symbols abound."