Article: Don’t fall into the MVP trap!

In August, Software Magazine published Tozny CEO Isaac Potoczny-Jones’ article on building security into the software development lifecycle. His key point is that the market demands of software development encourage leaving security to the end user for a variety of reasons: Many companies want to validate a market before investing in product security, so …

KATU News: Baby Monitor Hacks

Tozny CEO, Isaac Potoczny-Jones, was interviewed via Skype by KATU News to comment on Rapid7’s case study on security vulnerabilities in baby monitors. Key points to highlight: Internet of Things devices are being connected to the Internet without sufficient analysis of potential security problems. The security industry doesn’t have enough …

Talk: An Overview of Emerging Cybersecurity Policy and Law

Why is cybersecurity such a hard problem? The US government, its citizens, and the organizations that write software are all on the same team, but in many cases, our interests are just not aligned. For instance, there have been endless political and social disagreements about the best way to share …

Talk: 2015 Northwest Aerospace & Defense Symposium

This past week, Tozny CEO Isaac Potoczny-Jones spoke on cybersecurity policy and law for the Pacific Northwest Defense Coalition and Pacific Northwest Aerospace Alliance. The talk was part of the 2015 Aerospace & Defense Symposium held at Joint Base Lewis-McChord. Isaac shared the stage with Peter S. Chiou, Principal Strategist and Business Development …

Article: How Safe is ‘Smart’ Technology

Tozny CEO Isaac Potoczny-Jones was quoted today in an article by Wayne Havrelly at KGW about the Internet of Things. “Any system, as it gets more complex, the likelihood of a weak link in the chain grows,” said Isaac Potoczny-Jones, computer security expert with Galois. “So as cars get these integrated …

Talk: User Identity and Authentication in WordPress

The other day I gave a talk at the Portland WordPress Developers Meetup about authentication in enterprise and web environments and how WordPress fits into the Identity Management alphabet soup. At the end, I showed off our WordPress Plugin, which can be used for easy and secure login to WordPress …

Video: Common Crypto Mistakes in Android

Watch Isaac’s talk about common mistakes that developers make in Android cryptography based on our article about the same topic. About: If you do a web search for “encrypting Strings in Android”, you’ll find a lot of example code, and they all look pretty similar. They definitely input a String …

Encrypting strings in Android: Let’s make better mistakes

Update: Here’s the video of Isaac’s talk on this topic and the GitHub repo for the AES library. Or check out TozStore, Tozny’s new multi-language end-to-end crypto library for everyone. This article is part of our Security Guides series. If you do a web search for “encrypting Strings in …

Blaming users for security incidents is counterproductive

The Associated Press has done some important research into the cause of cybersecurity incidents in the federal government. Unfortunately, they come to the wrong conclusion. They document the huge rise in security incidents, and then add: And [federal] employees are to blame for at least half of the problems. Specifically, not …