
Healthy InfoSec Scepticism – A Borrowed User Guide


Better science is needed in InfoSec if the industry is to build and retain credibility. It is also our responsibility to help the board separate substance from consultant and vendor claims. Never more so than now, with social media spewing forth FUD promoting headlines about cyber, IoT, BYOD, big data and Heartbleed-like threats.

This infographic (click the image below for a PDF version) was designed for the pure science community, but it is no less useful for InfoSec bodies. It can guide your efforts to validate threat- and vulnerability-killing sales pitches.


Shared with permission from Alan Brunning

Or, as Beau Woods said, it has the makings of a good drinking game for Black Hat, DEF CON, InfoSec, RSAC…

For an industry specific perspective on the fallout from half truths, check out this excellent article “The Meaning of Hype” on Tripwire’s The State of Security blog.




    • LoL, you’ll have to stick to one for in-house consumption or get the usual suspects together at InfoSec for some Bad InfoSec Science bingo.

      Anyone up for creating a complete-your-own web-form version I can post for re-use?

