Happy New Year

I don’t do New Year’s Resolutions. I try to plan instead. So this year will be no exception. I have three goals when it comes to cybersecurity:

My first goal is to learn more about locks and physical security. I think I need to better understand how bad guys can break into facilities. I do know something about tumbler locks and RFID access and so forth, but I want to understand the vulnerabilities and latest attack methods. My new phone (a Samsung Galaxy SIII) supports NFC (Near Field Communication) so I want to see where that’s used in real life for physical access, and how it can be spoofed.

Goal #2 is to try to get a handle on the passwords I have spread over the web. Clearly I have the list in my KeePass, but there are some duplicates in there, some sites I have yet to add, and I know there are sites I haven’t visited in donkey’s years – I don’t even know how many of the latter are still around!

The final goal is to improve the techniques I use for trying to get people to think more about security. That will mean working more on this blog and working more on Learning Tree’s Introduction to System and Network Security course. My primary focus for that class will be working on the tools and techniques I use to help motivate people to think and act more securely. (And that seems to apply to this blog, too.)

I’ve been reading Dan Pink’s new book To Sell is Human. I got it on 12/31: the day it came out. I’ve been anticipating the book because I’ve realized for a long time that much of teaching and training is marketing. He makes a case that it is “selling” and I agree that is a major component, too. I’ll talk more about his book in a future post. As I read the book I’m learning more about “moving” people. That, I suppose, is the real goal: moving people toward a security mindset.

Sure, I have other goals in my life including losing some of the weight I gained over the holidays (although everyone seems to have a goal like that), reading more, cleaning up the office and studying more Spanish.

You probably have some goals that relate to security also. Let us know what they are in the comments below. And if you would, please, also let us know your barriers to implementing more secure systems.

John McDermott

