Turn left two times to 33… What the heck? Okay, so it’s an odd headline, but it has a very real meaning–to me at least, and I want it have one to you, too. When I was a young boy my father got me a safe so I could keep things away from my little brother. It was about 6” by 6” by 4”–not big by any standards, but big enough for most of my money. It even had a slot in the top so I could add money without exposing the contents.
The whole combination to the safe was “Turn left two times to 33 then right to 45.” While the safe was not secure by any real standards, it did its job–it kept my money away from my brother. So it fulfilled its security need.
This blog is mostly for those just “getting their feet wet” in security. From time to time I’ll post things that are a bit more advanced and I will also link to some sources for those who want more meaty topics. Of course, Learning Tree has other security courses, too, and they focus on specific topics. I’ll mention those, too. But I plan to stick to topics that, for the most part, appeal to a wide audience. There are three reasons for that: the security course I co-wrote for Learning Tree is an introductory course: if focuses on concepts and developing a proper mindset. That’s the second reason I am targeting a broad audience: I want to promote a security mindset. Finally, I want readers of this blog to learn to assess tools, actions and ideas to see what threats they are intended to mitigate. For instance, why do many organizations require complex passwords?
I do want comments to these posts. Of course, comments like, “That was great, I just signed up for your Learning Tree class” are probably my favorite, but other comments are welcome, too. When I teach I find that people learn a lot more when they can discuss a topic than when they just hear someone talk about it. It seems true with a venue such as this, as well. I hope that each installment will give you either a bit of knowledge, an idea to think about, or something you can put into practice right away. The question above should be something to think about: why do people often recommend complex passwords (if, indeed, they use passwords at all)? I have some thoughts on that, and I will share them in the future. For now, instead of taking it as something to do for security purposes, think of what good that complexity does.