If you’re getting a little tired of the debates surrounding the Cybersecurity issue, you’ll find the posts we selected for this week’s “Top NoVA Infosec Blog Posts” refreshing.

#3 – The Art of Persuasion: In his post “Recognizing False Arguments,” @electricfork outlines the familiar arguments that many of us hear when we try to convince our employers that a gaping vulnerability won’t just fix itself or go unnoticed by attackers. While employers tend to come up with all kinds of arguments—many of them ranging from slightly absurd to completely ridiculous—the reality is that we must be prepared to show our employers why vulnerabilities cannot remain unfixed. @electricfork does a great job of outlining basic responses to some of the most common arguments used against fixing vulnerabilities. You can check them out here.

#2 – What the Hex: For those of you who haven’t used a hex editor before, or are looking for a new one, you’re in luck. In their post “XVI32: Hex Editor of Champions,” @geminisecurity talks about hex editors (the XVI32 hex editor specifically), and why we should use them. Calling the hex editor “an essential tool for anyone in the computer security field,” @geminisecurity says that hex editors are especially good for looking at the nitty-gritty details of data. The XVI32 is no exception. Describing the XVI32 hex editor “a very robust, stable, and easy-to-use hex editor for Windows,” @geminisecurity says that some of its best features include a built-in scripting engine, bit manipulation capabilities, and numerous ways to interpret and display data. You can check out all the details here.

#1- Think Outside the Toolbox: The PaulDotCom post “Find Time to Put the Tools Away” opens with an interesting comparison of pen testing eerily resembling airport security. Both pen testers and TSA professionals are trained to look for very specific things, often overlooking other potential problems because they neglect to see the big picture. For example: Instead of looking for certain vulnerabilities like XSS, XSRF and SQLi, PaulDotCom encourages security professionals to look at how an application works instead of looking at the parts that make it work. He also gave one of the most profound pieces of advice that we’ve heard in awhile: “Trying to understand how something worked used to be the goal and definition of hacking.” And on that note, I hope that you’ll read the post yourself.

Don’t forget to follow me during the week @grecs to get more recommendations on the blog posts you should be reading.

o o o o o

Wanna hack your career?