Monthly ArchivesFebruary 2012

Trust is a big deal at EMC, and EMC Consulting announced five new services today to enable customers to build new levels of trust and control for next-gen IT infrastructures. I spent some time working with this group over the last couple of years and am quite excited with these new services. They are: Trusted Cloud Advisory Services build trust in an organization’s next-generation IT architecture. Information Governance Advisory Services enable the development of a cohesive approach to information governance.  This is critical for an information-centric approach to information security. Governance, Risk, and Compliance Advisory Services identify, analyze, manage, and mitigate risks. Fraud and Identity Management Advisory Services help organizations cope with a complex, evolving threat landscape. Mobile Device Security ...

What an afternoon! We’ve learned about ninjas, trolls, unicorns, squirrels, and rockstars. One of these personas might just fit your perfectly! If you want to have a super-official assessment of your persona, come to the RSA Booth in the Expo hall and take our short quiz. Once complete, we’ve got a ton of goodies for you including a nice wallpaper for your phone and a T-Shirt! What is your security professional persona? Watch #AlterEgoRSA on Twitter or RSASecurity on Facebook to see lots of fun content, find out what persona best describes someone you may know, and keep reading to see them all! Possibly Related Posts: RSA Conference 2013, YOU READY!? New Security Services from EMC Consulting Enable Trusted IT ...

After adding unicorns to our list of personae that includes trolls, rockstars, and squirrels, it’s time to discuss one final personae—the Ninja. While the unicorn has a solid foothold in infosec lore, the Ninja is the warrior that relies on his stealth, agility, and speed to neutralize his targets. Ninjas train relentlessly to make their skills reflexive and rely on diversionary tactics and misdirection to perform their tasks right under our noses. Ninjas exist on both sides of the equation in a yin/yang fashion, but rarely do they stay relentlessly true to their colors. Good ninjas might slip into restricted areas for learning purposes, and bad ninjas may occasionally help out an innocent. Regardless of their philosophy, they remain the ...

So far, you have learned about trolls, rockstars, and squirrels. But what about the biblical version of the grasshopper? The Unicorns didn’t miss the Ark because they were playing, they were busy hunting unseen and unknown threats in the system. In fact, the stories of missing the Ark furthered their cause by allowing them to “erase” themselves from known existence. This might be their greatest asset as not only are they rare, but for the most part, the people don’t think they exist at all. A unicorn’s skills and legends are infosec folklore. Many imitate, but few embody the true spirit of the unicorn. What is your security professional persona? Watch #AlterEgoRSA on Twitter or RSASecurity on Facebook to see ...

We’ve read about rockstars and trolls, but what about the folks that live in the nuts and bolts of information security? It’s the Chris Hoff’s of the world, the Squirrel. Squirrels are curious and mischievous at times just like their real-life animal manifestations. They like to understand how things work and are of the few that can completely disassemble and reassemble something and have it work as expected—possibly while adding a few modifications to make it better (or worse). Squirrels are just as likely to analyze something for vulnerabilities as they are to exploit one. Chris Palmer of IBM even postulates that “a well-placed squirrel can wreak almost as much havoc as a cyber attack on a power grid.” Squirrels ...

Man, there sure are some rockstars in our industry, aren’t there? But what about the near opposite? The troll! Trolls tend to get a bad rap. We think of the little short guy guarding passage to a bridge or the Internet commenter relying on anonymity to protect his vicious stream of vitriol from causing him physical harm. Trolls sometimes might be considered gadflies, but there are two sides to that coin. On the positive side, trolls can adapt to situations under stress and tend to be well connected into many influential communities. They’re not stupid—they tend to be intelligent and use their skills to get people to think about tough issues by presenting a different perspective. Their effectiveness depends on ...

Part of the challenge in building a functional intelligence-led security program is getting good intelligence that is relevant to your company. If you have not gotten your house in order, it’s challenging to even consider moving from a compliance-led program to an intelligence-led program simply because everything you have is tuned for an auditor, not for a security professional. Once your house IS in order, however, you stand to gain tremendously from a focus on intelligence-led security. RSA announced today a new version of NetWitness Live that can assist companies in their quest to identify and validate attacks by using various intelligence sources. We’re even now showing off a cloud-based proof-of-concept at the RSA booth during the show this week. ...

Information security is full of personality. The people that make it up group themselves into a few personae. Let’s start with the front men in information security? Chances are, you probably have a few folks that you idolize or look up to in the industry. Rockstars took risks back in the day to get their ideas published, and their perseverance has paid off in the form of stardom. Information security sometimes felt like the geekier offshoot of IT (if that’s even possible), and the luminaries weren’t always revered. Today, rockstars are the voice of the information security world and find numerous ways to engage their fans. Rockstars embrace social media to connect with their fans in ways that average Hollywood ...