Profile of Ira Winkler

CISSP, President, Secure Mentem News & Commentary Posts: 10

Ira Winkler is president of Secure Mentem and author of Advanced Persistent Security.

How to Gauge the Effectiveness of Security Awareness Programs

8/21/2018
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Post a Comment

The Fundamental Flaw in Security Awareness Programs

7/19/2018
It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
Post a Comment

Indicting Chinese Military Officers Is A Huge Mistake

5/29/2014
Blaming soldiers following lawful orders only deflects from the government's responsibility to impose trade sanctions and take more useful measures.
Post a Comment

NSA’s Big Surprise: Gov’t Agency Is Actually Doing Its Job

4/4/2014
When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
Post a Comment

Target Mocks, Not Helps, Its Data Breach Victims

1/22/2014
The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
Post a Comment

Why Security Awareness Is Like An Umbrella

12/5/2013
A small security awareness program will protect you as much as a small umbrella. So don’t complain when you get wet.
Post a Comment

Make The Most Of National Cyber Security Awareness Month

10/1/2013
NCSAM is a catalyst to get extra attention for your security programs
Post a Comment

Arguments Against Security Awareness Are Shortsighted

3/25/2013
A counterpoint to Bruce Schneier's recent post on security awareness training for users
Post a Comment

Stupid IRS Spam

9/30/2009
I believe that anyone who uses the Internet on a regular basis has to know that most e-mail messages are spam, and possibly part of a fraud scheme. I also realize that some people are more aware than others, and that some criminals are clever. But the current spread of an email message that claims to be from the IRS accusing a person of fraud demonstrates that naivete that runs deep on the Internet.
Post a Comment

Why Social Engineers Need Training

9/10/2009
Many security professionals who think they know anything about penetration testing also think they know enough to perform social engineering. After all, they are successful time and time again, so they think they know what they are doing. However, what follows is a textbook example of how a little knowledge in the wrong hands can be very dangerous.
Post a Comment