Daniel Szpisjak
States of data
Probably the most valuable thing you need to protect is data. You may own this data, or you may just be the custodian. It might be sensitive such as PII and credentials or just metadata you collected and organized. No matter its type and content when you think about its security here is what you need to keep in mind. Data is kind of like water. Water is essential for life just as data is critical to the business.
Daniel Szpisjak
How much security is enough?
As a security engineer, I regularly work with developers. Together we draft various ideas and try to find the best possible solution to the problem at hand. During this process, the following question always comes up in some form: how secure should this be? Simple as it may seem, usually a lot of thought goes into answering this. Let’s see why! There are quite a few things in play here: legal and business requirements, the risk of exploitation, cost of mitigation, loss expectancy, business impact, etc.
Daniel Szpisjak
A guide to software engineers in the field of IT security
Hey, I am Daniel and my mission is to guide software engineers, like you, in the field of IT security. Think of me as a good friend, who has been here for a while and knows the clever little tricks you need to stay out of trouble. Security used to be a hobby of mine; now it is my passion, my craft. This blog is the collection of my thoughts and notes about IT security.