

Ira Winkler
Contributing Columnist
Ira Winkler, CISSP, is president of Secure Mentem, and author of the forthcoming book, Advanced Persistent Security. He can be contacted at securementem.com.


The flaw in applying culture to awareness programs
I appreciate that organizations are beginning to realize that they need to understand their corporate culture in their implementation of awareness programs. It is long overdue. Unfortunately as a concept, it is being grossly...

Making the GRIZZLY STEPPE Joint Action Report useful
I was surprised when I saw the cynicism toward the Joint Action Report (JAR) put out by the Department of Homeland Security and FBI. It seems like it is cool to criticize the report, and that can be a disservice to the whole industry.

The security gift guide
Give the gift of security, so people will give you the gift of not asking for help and advice.

What awareness is supposed to be
Recent W-2 and accounts payable thefts show governance should be the cornerstone of awareness.

What is phishing awareness success?
A recent article posing the question to security professionals seemed to miss the mark, and raised more questions than it answered.

Pokemon Go: What security awareness programs should be doing now
Pokemon Go represents a tremendous security threat. As with all tremendous threats, it can also be your greatest opportunity.

9 reasons why your security awareness program sucks
I have come to the conclusion that most awareness programs are just very bad, and that like all security countermeasures, there will be an inevitable failing.

Did NSA underestimate the insider threat?
In this edition of the Irari Report, Ira Winkler and Araceli Treu Gomes continue their interview of Chris Inglis, former Deputy Director of NSA. In this segment, they focus on how an organization that is so aware of the insider threat...

Former NSA deputy director says Edward Snowden lacks courage
Thoughts from Chris Inglis, former Deputy Director of NSA, about whistleblower Edward Snowden’s reasons for leaking classified NSA documents

Charges against Iranian hackers are ignorant, cowardly and dangerous
Iranian and Chinese governments directed and funded attacks, so why are Iranian and Chinese citizens being charged instead of the governments that directed their actions?

Behind every stupid user is a stupider security professional
Security professionals should look in the mirror, before declaring a user, “stupid”.

5 facts about Apple and the terrorist’s iPhone
The truth behind the hype and misunderstandings surrounding the case.

FBI/DHS hack shows need for role-based security awareness programs
When a hacker released the contact information of 9,000 DHS employees, it was the result of several awareness failings. The reality is that these are failed awareness programs that are typical of industry as a whole.

Twitter’s takedown of ISIS accounts still unsatisfactory
While Twitter is making some efforts to thwart ISIS recruiting, fundraising, and planning efforts, there is still much more to be done.

The threat of shoulder surfing should not be underestimated
Ira Winkler questions a recent column on the topic of shoulder surfing, also called visual hacking, and suggests that a better understanding of security awareness would go a long way.

The stupidity of cybersecurity predictions
Security industry prognosticators rely more on marketing, hype, and our own bad memories than any knowledge of security past, present or future.

How Anonymous really targets ISIS
With the ISIS attacks on Paris, Anonymous declared war on ISIS. The reality is that this is more hype than fact, and misleading.

ISIS uses US hosting services to avoid intelligence agencies
Ira Winkler and Araceli Treu Gomes learn that ISIS has purposefully been using Google and Amazon Web Services to avoid US and international intelligence agencies.

Pardon all marijuana offenders: John McAfee Day One as President
McAfee details his plans for his first year as President of the United States.