We Can All Be Successful…

…as long as WE are the ones who define success for ourselves. Otherwise 99.9% of the world’s population would fall well short.

Seems obvious, right? For example, if you take money as a measure of success, for every billionaire (~2,600 as of 2019) there are nearly 3,000,000 people who are just ‘getting by’. So for the vast majority of us, the chances of being a big success [in monetary terms] are very slim.

The same applies to any other success factor where you are comparing yourself to the world’s best: there is very little room at the top.


Beware of the ‘Pet Rock’ Cybersecurity Vendors

In April 1975, Gary Dahl had an idea. A genius idea as it turned out, particularly when you consider that he made roughly $28 million (adjusted for inflation) from something that was, to all intents and purposes, completely useless.

The Pet Rock was just that, a rock. No paint, no googly eyes, nothing, just a rock taken from Rosarito Beach, packaged up and sold for $20 each.

He sold 1.5 million of them.


A Good Cybersecurity Consultant Never Uses the Word 'Recommend'

According to the Tinterwebs, to ‘recommend’ means to: put forward (someone or something) with approval as being suitable for a particular purpose or role.

So you might argue that this is exactly why you hire a consultant in the first place. In some professions I would absolutely agree. A doctor [for example] would not just recommend that you quit smoking, they would – and should – bloody-well insist. However, everyone on the planet already knows that smoking is stupid, so they are doing so with full knowledge of the possible consequences.


Froud on Fraud – Cybersecurity Predictions for 2020

In 2016 I predicted that:

  1. Identity Management will begin to replace single-factor authentication;
  2. Identity Management will be decentralised onto consumer mobile devices;
  3. HOW you pay will become increasingly irrelevant;
  4. Value-Add Services and Customer Service will be the only differentiator;
  5. Loyalty Programs will begin to centralise;

Even 3 years later only 1 of these things is becoming [slightly] true (#1).

In 2017 I predicted that:


What's in the Draft PCI DSS v4.0?

In late 2020, the PCI DSS v4.0 will be released. And in what promises to be an even more significant change than that from 2.0 to 3.0 (released in Nov. ’13), there is, rather unsurprisingly, a great deal of interest in its contents.

So what’s in it?

I’ll be honest, I can’t tell you, or more to the point, I’m not ALLOWED to tell you, as the draft version is currently in ‘Request for Comment’ (RFC) status. Yes, I have read it; not only that, I have mapped it line-by-line to v3.2.1 and analysed the differences in detail. I have even written a brief on what I consider the impact of those changes will be, but it will have to remain unread until the moratorium is lifted.
