On #edsec: Education’s massive security problem

Dinosaurs are a very important part of the security conference experience.

A few months ago, I gave a talk at BSidesLV on the state of security in education technology. My talk, #edsec: Hacking for Education, isn’t a hacker talk in the truest of senses— I had no l33t, sophisticated hacks to show off, no beautiful backdoors into well-maintained code to make my point. Instead, I went the route of discussing the lack of security standards, the dire state of security awareness among educators, the deplorable state of school infrastructure, and the security-averse attitude of developers within education technology.

I should have written this post months ago— I am thankful for a lot of people who helped me get through my first-ever talk at a national conference— but I’ve been struggling to overcome an awful, awful feeling in the pit of my stomach after I finished my week away at hacker summer camp. After being surrounded by people who discussed securing the critical infrastructures that make our web work, protecting medical devices from attack, and preparing for the Internet of Things that is to come, I realized that I didn’t go far enough.

A rant: Twitter, your 2-factor Authentication Sucks, or Why #Brands Get Hacked On Twitter

For the past six years, I’ve worked in online marketing. As such, I have been the holder of ALL the keys to the social media accounts for many brands I have worked for and worked with in the Silicon Valley and beyond. My biggest nightmare as the holder of the keys is waking up in the morning to find my company on the front page of Mashable as the latest of the #brands (I mean that hashtag ironically) who had a social media account hacked via phishing, spearphishing, or something worse. To prevent the worst from happening, I’ve implemented a variety of multi-layered security strategies over the past few years to protect myself and my brand’s self to foil any attempts of account takeover.

Today, I logged in to my brand account to reconfigure one of these layers of security on Twitter. When I finally got to the spot in account settings where I can enable 2-factor authentication, however, I was informed that Twitter only allows use of 2-factor authentication with one phone number.

Thanks, Twitter, but no: THIS IS NOT OKAY.

This is bullshit: A rant on hacking, passwords, security and usability.

Over the weekend, a major news story broke about an iCloud attack in which hackers broke into the accounts of 100 female celebrities to steal compromising nude pictures. Every. single. time there’s a “hacking” incident, the media coverage is awful— and the security advice is even worse. Case in point:

In all of the discussion of the incident,


On safety + personal space while being a woman


Last night, I took to Twitter to yell about something complicated, anger-inducing, emotional and downright frightening: the recent, persistent violation of my personal space that I’ve endured in San Francisco. Sometimes when I have a problem that needs solving, quick, short bursts of concise text help me get to the center of the issue: in this case, I’ve lived here for a few years now, but have never felt as physically threatened and violated as I have in finding my way through its streets as of late.

Until just a few weeks ago, I’ve been lucky– I’ve walked the streets of this city relatively unimpeded for 3.5 years, purposely blending in and not sticking out from the crowd. After yet again having a person lay his hands on me without my permission and without good reason for the sixth time in a month yesterday evening, I couldn’t bottle it up anymore.

So I let loose…

This is why your “Women in Tech” event sucks


A few weeks ago, my friend Leah wrote a thoughtful post about how to get more women into technology and STEM careers. In her post, she says:

Enticing women to tech isn’t about making it “diva-fied” or “girlification.”… Reducing women in tech from engineers to “web divas” pushes us into superficial territory and marginalizes our skills and contributions.  Instead of looking up to women in tech as problem-solvers and visionaries we get looked down upon as interlopers far from home.

Women are not all the same.  We don’t all want pink and flowers and glitter.  We don’t all think the same. We aren’t one dimensional creatures who will be drawn to the tech world because someone sent us a flier with pretty purple letters and butterflies.  We don’t all enter the tech world the same way and any strategy that relies on all women being alike is doomed to fail.


A must-read for educators: privacy, ethics, and educator responsibility in #edtech

There are some exciting tools out there that allow students to do amazing things, but test them out first of all with a dummy account and cast a critical eye over the ethics of the service before you encourage students to start using it.

If you’re an educator, this post by Cameron Hocking is a great place to begin thinking critically about the tools you use and the responsibility you have in protecting your students’ data: Educational Conferences and the ethics of EdTech.