Dave Lewis

Dave Lewis has over 20 years industry experience. He has extensive experience in IT operations and management. Currently, Dave is a global security advocate for Akamai Technologies . He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. Dave also serves on the (ISC)2 Board of Directors. Prior to his current role, Dave worked in the finance, healthcare, entertainment, manufacturing and critical infrastructure verticals. He has worked for a defense contractor as a security consultant to clients such as the FBI, US Navy, Social Security Administration, US Postal Service and the US Department of Defense to name a few. When not at work Dave can be found spending time with his family, playing bass guitar and polishing his “brick of enlightenment”.

Wikileaks, CIA documents and some sober thoughts

Privacy issues in 2017

Privacy issues in 2017

Decades ago privacy really wasn’t that much of an ongoing issue. In the days of agrarian society everyone seemed to know about everyone else’s business and personal lives. As we moved forward into an era of denser population...

RSA 2017: what are you trying to solve?

RSA 2017: what are you trying to solve?

This year at the RSA Security Conference some 40,000 people packed the halls of the Moscone center in search of solutions (and light up swords) to solve their problems. Whatever the issue, they were looking for a salve to sooth...

RSA 2017 notes: privileged accounts and blunders

RSA 2017 notes: privileged accounts and blunders

Privileged accounts are a necessary evil for a lot of organizations. These accounts allow for users to be able to do work that, in some cases, lead to unfortunate results if misused. But, how many organizations do a good job at...

Notes from RSA 2017

Notes from RSA 2017

Every year San Francisco plays host to a massive show in the guise of the RSA Security Conference. The city becomes awash in a sea of interlopers wandering about the streets adjacent to the Moscone Center with their name badges...

Wordpress 0-day content injection vulnerability

Wordpress 0-day content injection vulnerability

Today news broke of a particularly nasty zero day vulnerability in the Wordpress REST API. The vulnerability in this case would allow for content injection as well as privilege escalation. This vulnerability would an...

System agent bloat: too many slices

System agent bloat: too many slices

Many years ago, in simpler times, I was responsible for the security program that included the controls which protected (in theory) against malicious files and programs that were hell bent on causing mischief. We had agents on our...

5 Canadian security conferences in 2017

5 Canadian security conferences in 2017

As every year I find myself working through the list of upcoming conferences around the world. One thing that I’ve always been pleased about is the rich variety that is available right across Canada throughout the year. I’m going...

All through the house, not a hacker was stirring...

All through the house, not a hacker was stirring...

The holiday season is a time to spin down and relax for many people. Where we hang up our spurs, or rather, we tuck the carry-on suitcase into a corner at least five feet away from the door. But, as with every holiday season we...

War stories: escalation attack loopback

War stories: escalation attack loopback

Last month I shared some stories about events that I’ve had to contend with over the last 20 years. One incident that I recall was a particular individual who thought that only scanning up to port 1023 was the only proper way to...

War stories: diary of a box hugger

War stories: diary of a box hugger

After years in the information security space there are few things that get me misty eyed like a massive data center. In part because it gives me a chance to reminisce about the good old days. Hundreds of hours sitting cross...

War stories: for your eyes only

War stories: for your eyes only

There are few things that make for as amusing reading as an acceptable use policy. In some organizations that I’ve been through, it was clear that no one had ever read their unicorn-esque like policy document. Some of the...

Load More