Category Archives: InfoSec

Holiday Project – The (almost) perfect Media Box based on Raspberry Pi

The project over the last holidays was to rework the media device setup for the kitchen, which has the following 3 requirements: gaming, music and video/streaming. Furthermore, I didn’t want to use a standard Android/Apple device that will run out of support in a few years or has already run out of support. Hence – my choice was a Raspi-3B combined with a 15″ touch screen connected via HDMI.

Let’s dive into the details!


Considerations before Firing Your CISO

You and I will get breached – one day – it’s just a question of time. This is what the security community calls the “assume breach” principle. In order to learn this mantra, we had to go through some pain: hundreds of data breaches at companies of all sizes over the last years and decades have demonstrated that it can and potentially will happen to everyone one day. Even worse – this can even happen to companies with strong security teams and budgets available. Strong infosec teams & culture will probably delay the breach but are no guarantee of ultimately preventing it.
And who is expected to prevent all this from happening? The CISO!

In this article I would like to discuss why firing your security executive (CISO/CSO) in case of a breach is not always the best step you should take. I will bring up some discussion points that raise the question of whether problems could reside much deeper in your organization; making pawn sacrifices rarely resolves the problem completely.

This article has been flying around on my to-do list for some time and it’s far from perfect, since the discussions could go into much more detail – but I hope I’m able to convey the core points of my opinion.
