Archives: RSAC

Security Personae, the Rockstar

Information security is full of personality. The people that make it up group themselves into a few personae. Let’s start with the front men in information security. Chances are, you probably have a few folks that you idolize or look up to in the industry. Rockstars took risks back in the day to get their ideas published, and their perseverance has paid off in the form of stardom. Information security sometimes felt like the geekier offshoot of IT (if that’s even possible), and the luminaries weren’t always revered. Today, rockstars are the voice of the information security world and find numerous ways to engage their fans. Rockstars embrace social media to connect with their fans in ways that average Hollywood ...


RSA Conference 2012, Are You Ready?

Some people are already in San Francisco, or will soon be en route. It’s going to be legen… wait for it…. DARY! Watch the blog next week as I’ll be posting quite a bit of fun stuff, including some stuff on Monday that includes a freebie! You can expect the volume of posts to be pretty crazy next week, so follow me on Twitter, like me on Facebook, and/or keep the RSS feed handy for tons of great stuff! You will be able to find me in Room 131 at 2:40pm on Tuesday talking about the Dark Side of a Payment Card Breach, and expect to bump into me at the Expo hall, the RSA Booth, and the Securosis Recovery Breakfast ...


Activity is Cranking, #RSAC in Ten Days!

For most of us security professionals, our busy season kicks off with the annual RSA Conference in San Francisco. The last two days have been a frenzy of activity with a ton of my time reserved in the last 24 hours. I’m looking forward to this RSA Conference for a couple of reasons. It might be the biggest one yet! I get to spend time with media and analysts talking about our stuff. I’m speaking! Tons of great networking opportunities. I hope that I will see you there!


Security as a Service ≠ Securing the Cloud

What a week! The 20th RSA Conference is over and it was great to see the masses back out at the Moscone again. I don’t think it’s been this big in a while, but if the parties are any indication, companies are spending money again. I want to say congrats to all the Social Security Blogger Awards nominees and winners! The selection committee did a great job this year selecting a group of absolutely fantastic individuals. Also, thank you to Securosis for putting on the Disaster Recovery Breakfast. That was much needed, and it also was a place for Anton & I to plan out the 3rd edition of our book! Wait until you see what we have in store ...


RSA Europe Recap and the Spread of Regulatory Compliance

Why have I been radio silent this week? It’s certainly not because I have a lack of things to say. Even my own teammates are surprised when I tell the recent stories of being out-talked. A couple of things are going on that you might be interested in. For one, I am doing a project for the next three weeks for the North Texas Chevy Dealers. In exchange for writing about and videoing my experiences, I have been given a 2011 Chevy Silverado Extended Cab, Texas Edition truck to drive. Follow my adventures over here to see me kick the tires! Outside of driving trucks and blogging about that, I spent the week in London for RSA Europe. The ...


Book Signing Today!

If you are out at the RSA Conference, please stop by the RSA Bookstore today at 1p for a book signing! Anton Chuvakin will be there, in the flesh! We follow Bruce Schneier.


The RSA Conference, Are You Ready?

The annual RSA conference descends upon the Moscone center in San Francisco next week, and I can’t tell you how excited I am to be attending this year.  Not only do I work for the company that bears the conference’s name, but we’re making some big announcements about our future and direction.  More on that next week! Outside of that, if you want to catch up with me you will have several opportunities. Monday: Arriving in the late afternoon.  Meeting with some folks and gearing up for the conference! Tuesday: Client meetings and booth duty!  Come find me at the RSA booth from 11am to 2:30pm in the Expo. Wednesday: This day is stacked with meetings and I will be ...


Kicking Off 2010!

Greetings everyone! 2010 is going to be a pretty interesting year if we can keep this economic momentum going.  Here are a few things to start your year off! Check out my new article “Will End to End Encryption Save Us All?” where I attempt to define various forms of End to End Encryption (E2EE) and figure out how they could be used to secure PCI DSS related data. EMC/RSA buys Archer.  This one is a game changer, folks. The January issue of Herding Cats is also available!  “Corned-Beef PCI DSS” expands and refines a blog post I did here about using hashing as a data protection method, specifically as it relates to PCI DSS (PCI DSS is the focus ...


Managed Security Services ≠ Light Switch

RSA 2009 has been in the can for over a week now, and I’ve had some time to reflect on the state of security since the economy broke its nose on the market floor. Gartner released reports saying that security spending was not cut as hard (if at all) when compared to other areas inside companies. People on the expo floor had mixed experiences as well. The four common themes I discovered were: non-essential security spending was cut (but things you have to do like SOX and PCI are fine); headcount was cut; no change; my hair is on fire. Regardless of the theme, more security professionals are warming up to the idea of Managed Security Services. While most of ...


An alternative to PCI

PCI is still a hotly debated topic nearly four and a half years after its initial release on December 15, 2004. You didn’t have to visit too many after-hours parties or exhibitors at RSA to see that. Most of the criticism of PCI comes from people who really don’t understand it, or understand how to use it to their advantage. And those people fall into two categories themselves: those who are green to PCI and are overwhelmed, and those who love their soapbox. Those in the former bucket just need time to get up to speed. PCI, like Rome, was not built overnight, and it requires weeks of study to fully grasp how it will affect your environment. ...

