Not only since my seven security tips1 have I been getting questions about why I prefer to keep Windows and an Active Directory2 offline. That may sound inflexible, and in an era of AI-generated cybersecurity slop3 I may look like an outsider. So in today’s blog post I provide more context, explain the technical background, and lay out how ransomware works. Read more

A typical day in a mid-sized company. The already overworked developer, deep in crunch mode1 gets a quick note: “Would you please make the open invoices visible in the overview of all customers for this project?” Dutifully, he nods. He knows it’s an important project, the task isn’t technically difficult and the boss likes quick and simple solutions. Read more

A typical crisis meeting scenario: The Management and myself as an external consultant or information security officer sitting in a conference room: Our processes are being slowed down by too many security requirements. Employees are complaining. ‘Your’ IT security is becoming a risk to our business. Read more

It was the early 2000s and I was sitting there with a massive brick from Microsoft Press.1 The proud price back then: 129 Deutsche Mark. I flipped through it and felt a déjà vu: I knew these pages! Not in terms of content, but the layout, the structure, the examples, even the icons in the side notes: These were the lost manuals of the 1990s! Read more