Reading list

Pieces that are interesting and/or valuable

"Rethinking encryption", Jim Baker, October 2019.

  • Quote, "But we all need to deal with reality. And in my experience, that’s what the people who have dedicated their lives to protecting all of us—such as the employees of the FBI—usually do best. How else do you stop the bad guys but by living in reality and aggressively taking the fight to them based on an accurate assessment of the facts?"


"I Work for N.S.A. We Cannot Afford to Lose the Digital Revolution", Glenn S. Gerstell, September 2019.

  • Quote, "... the flood of data about human and machine activity will put such extraordinary economic and political power in the hands of the private sector that it will transform the fundamental relationship, at least in the Western world, between government and the private sector."


"A Voice Deepfake Was Used To Scam A CEO Out Of $243,000", Jesse Damiani, September 2019.

  • Quote, "In fact, the voice belonged to a fraudster using AI voice technology to spoof the German chief executive. Rüdiger Kirsch of Euler Hermes Group SA, the firm’s insurance company, shared the information with WSJ. He explained that the CEO recognized the subtle German accent in his boss’s voice—and moreover that it carried the man’s “melody.”"


"Repositioning Australia to face its future", Lesley Seebeck, July 2019.

  • Quote, "Articulating a broader, more coherent strategic vision that aligns with our core values – those that people would fight for – is needed to bring others along on that path. Relying on the formation of a rules-based order no longer suffices; Australia needs to act on a vision of itself that reflects a clear differentiation from authoritarian and illiberal states. Further, should we find ourselves needing to make sacrifices, the community would best be served in fully understanding the why, and the how, those sacrifices align with those values."


"Bots Down Under", Kasada, April 2019

  • Quote, "Bots Down Under reveals aspects of the threat landscape, distinct to Australia, that local businesses need to know. Kasada kicked off in Australia and we’re uniquely placed to see and comment on the threat of malicious automation."
  • Disclaimer: I have no financial interests in Kasada. But I'm an unashamed fan of their work.


"Cyber Indictments and Threat Intel: Why You Should Care", Katie Nickels, February 2019.

  • Quote, "So, why should we as cyber threat intelligence (CTI) analysts and network defenders care about cyber indictments in the first place? Others may have different reasons, but here’s why I cared about making this list in the first place. For this blog and list, I’m focusing on indictments from the US DOJ, but legal documents from other countries could serve similar purposes."


"Privacy and Cybersecurity Are Converging. Here’s Why That Matters for People and for Companies", Andrew Burt, Jan 2019.

  • Quote, "Today, however, the biggest risk to our privacy and our security has become the threat of unintended inferences, due to the power of increasingly widespread machine learning techniques. Once we generate data, anyone who possesses enough of it can be a threat, posing new dangers to both our privacy and our security."


"Don’t let the nationalists steal patriotism", Anne Applebaum, December 2018.

  • Quote, "That kind of patriotism, linked to bigger ideals about democracy and the common good, is important to think about right now. It might be an antidote to the polarization that social media accentuates; to anger, the emotion that travels most rapidly online; to the cynicism that dominates the Internet more broadly."


"‘Superstars’: The dynamics of firms, sectors, and cities leading the global economy", McKinsey, October 2018.

  • Quote, "By our definition, 50 cities, including Boston, Frankfurt, London, Manila, Mexico City, Mumbai, New York, Sydney, Sao Paulo, Tianjin, and Wuhan, are superstars (Exhibit 5). The 50 cities account for 8 percent of global population, 21 percent of world GDP, 37 percent of urban high-income households, and 45 percent of headquarters of firms with more than $1 billion in annual revenue. The average GDP per capita in these cities is 45 percent higher than that of peers in the same region and income group, and the gap has grown over the past decade."
  • (I added the bold for Sydney.)


"Women in the Workplace 2018", McKinsey, October 2018.

  • Quote, "This early inequality has a profound impact on the talent pipeline. Starting at the manager level, there are significantly fewer women to promote from within and significantly fewer women at the right experience level to hire in from the outside. So even though hiring and promotion rates improve at more senior levels, women can never catch up—we’re suffering from a “hollow middle.” This should serve as a wake-up call: until companies close the early gaps in hiring and promotion, women will remain underrepresented."


"Ransomware Attacks Topped List of Cyber Insurance Claims", Fred Donovan, June 2018.

  • Quote, "Ransomware has become increasingly commoditized with the creators of recent variants offering revenue-sharing agreements to partners. There is no guarantee that victims will get their data back, even if they pay the ransom, AIG observed."


"20 years on, L0pht hackers return to D.C. with dire warnings", Rob Pegoraro, May 2018.

  • Quote, "“Where’s the equivalent of the National Transportation Safety Board crash test results for the software that you’re consuming?” Zatko asked Tuesday."


"Cyberinsurance tackles the wildly unpredictable world of hacks", Josephine Wolff, April 2018.

  • Quote, "“Typically in insurance we use the past as prediction for the future, and in cyber that’s very difficult to do because no two incidents are alike,” said Lori Bailey, global head of cyberrisk for the Zurich Insurance Group."


"Economic Impact of Cybercrime", James Andrew Lewis, February 2018.

  • Abstract, "The Center for Strategic and International Studies (CSIS), in partnership with McAfee, present Economic Impact of Cybercrime – No Slowing Down, a global report that focuses on the significant impact that cybercrime has on economies worldwide. The report concludes that close to $600 billion, nearly one percent of global GDP, is lost to cybercrime each year, which is up from a 2014 study that put global losses at about $445 billion. The report attributes the growth over three years to cybercriminals quickly adopting new technologies and the ease of cybercrime growing as actors leverage black markets and digital currencies."


"Progressing from tech to leadership", lcamtuf, February, 2018

  • Quote, "I've come to appreciate that hiring decent folks who can get along with others is far more important than trying to recruit conference-circuit superstars. In fact, hiring superstars is a decidedly hit-and-miss affair: while certainly not a rule, there is a proportion of folks who put the maintenance of their celebrity status ahead of job responsibilities or the well-being of their peers."


"Rethinking Cybersecurity", James Andrew Lewis, January 2018.

  • Quote, "Cyber attack does not threaten crippling surprise or existential risk. This means that the incentives for improvement that might motivate governments and companies are, in fact, much smaller than we assume. Nor is cyber attack random and unpredictable. It reflects national policies for coercion and crime. Grounding policy in a more objective appreciation of risk and intent is a first step toward better security."


"Google Spent Years Studying Effective Teams. This Single Quality Contributed Most to Their Success", Justin Bariso, January 2018.

  • Quote, "So what was the most important factor contributing to a team's effectiveness? It was psychological safety. Simply put, psychological safety refers to an individual's perception of taking a risk, and the response his or her teammates will have to taking that risk. Google describes it this way: 'In a team with high psychological safety, teammates feel safe to take risks around their team members. They feel confident that no one on the team will embarrass or punish anyone else for admitting a mistake, asking a question, or offering a new idea.' In other words, great teams thrive on trust."


"How a half-educated tech elite delivered us into chaos", John Naughton, November 2017.

  • Quote, "It never seems to have occurred to them that their advertising engines could also be used to deliver precisely targeted ideological and political messages to voters. Hence the obvious question: how could such smart people be so stupid?"


"Leading in complex environments", Sophie Stone, June 2017.

  • Quote, "Despite this, we often try to make these implementations fit, by imposing on to these problems our own logical lens. Complex problems need complex solutions; they need leaders who can help others adapt to complexity. Further, we need leaders that can use this uncertainty to think and be creative, and be innovative with change. We need to move past wanting to control or minimise complexity, to wanting to leverage it. Complex situations don’t disappear once solutions are put in place. Instead, they move and adapt, hence controlling complexity, or hoping to ‘deal’ with complexity, will not succeed."


"Your Company Culture is Who You Hire, Fire, and Promote", Dr. Cameron Sepah, March 2017.

  • Quote, "Your company’s employees practice the behaviors that are valued, not the values you believe."


"Serious Financial Crime in Australia, 2017"

  • Quote, "The use of technology in facilitating financial crime is particularly attractive as it enables criminal groups and individuals to identify and target significantly larger groups of potential victims from any location in the world, while expending few resources. Similarly, the use of technology in financial crime can obscure the identity and location of criminal groups and individuals, which makes it a low risk activity with a potential for high return."


"The Line between Confidence and Hubris", Tim Laseter, November 2016.

  • Quote, "Four early signals can help in navigating these muddy waters. The first two, narcissism and dismissiveness, are warning signs of hubris. The other two, humility and inquisitiveness, are promising signs of justifiable confidence."


"Computer-based personality judgments are more accurate than those made by humans", Wu Youyou, Michal Kosinski, and David Stillwel, January 2015.

  • Introduction, "This study compares the accuracy of personality judgment—a ubiquitous and important social-cognitive activity—between computer models and humans. Using several criteria, we show that computers’ judgments of people’s personalities based on their digital footprints are more accurate and valid than judgments made by their close others or acquaintances (friends, family, spouse, colleagues, etc.). Our findings highlight that people’s personalities can be predicted automatically and without involving human social-cognitive skills."