One trend we see coming on like a freight train is the rebirth of security awareness training. Folks are working on content that doesn’t suck and enterprises are finally starting to gather data about how stupid mistakes (such as clicking phishing messages) are decreasing after training sessions. NetworkWorld recently ran an article (in their Insider section, which requires registration – boo!) providing some tips to deal with phishing.
I think I’m finally waking up. After a week at RSA where I basically don’t sleep – not all bad, mind you – it takes a while to recover. In fact Monday might as well not have happened – I certainly got nothing done. It was not for lack of trying, but I was simply part of the zombie apocalypse – but I don’t want brains, just some Captain Crunch and sleep. Today I had the ‘Oh crap!’ realization – I promised people things last week, and I need to deliver. As much as I’d like to shuffle this stuff…
With our last post in this series on Understanding and Selecting Cloud Identity and Access Management, we want to help guide you through product selection. No two customer environments or lists of requirements are the same, but key decision criteria will help you narrow down the field to suitable platforms. We will provide questions to help determine which vendors offer solutions that fit your architecture, a set of criteria to measure the appropriateness of a vendor solution to your design…
As if the IBM Security Systems folks weren’t busy enough with the RSA Conference last week, they flew directly from San Francisco to Vegas for their annual Pulse Conference. Sure it’s a lot of back-patting and antennae rubbing, but there is usually a good nugget or two from their customer presentations.
We all knew the Flash was fast. But it seems Apple has made Flash so fast you can’t even use it on your Macs. Well, actually, they put some new protections in to ensure only the latest version of Flash runs on Mac OS X 10.6 and later.
My career has been turbulent at times. I know that’s shocking to those of you who know me personally. When I was invited not to come to work at my last job in VA, I already had a good position at a hot start-up in Atlanta lined up. They were well aware of my situation, and once I was a free agent the deal got done quickly. I had one real estate agent selling a house in VA, and another looking for property in Atlanta. Full speed ahead.
It looks like Ray Umerley had a good time at the RSA Conference. Besides seeing pics on the Tweeter of him at the Ju Jitsu gathering, he took some time to document his thoughts about what he saw at the show (RSA Conference 2013: My Takeways). Ray covers security intelligence, and how as you collect more security data, it becomes more important that it be used within a security/risk management program.
Clearly the world is not enough. So I’ll be getting my 007 on in the UK in early April to deliver our Cloud Security Training. We have recently updated the curriculum to the Cloud Security Alliance Guidance V3.0, and I have to say it kicks butt. Many of the hands-on exercises have been overhauled, and if you are looking to get familiar with cloud security you will want to check out this class.
Hat tip to our pals at Tripwire, who do a good job of leveraging the security community to generate interesting and entertaining content. They have a guy named David Spark who roams around the floor at trade shows like RSA and captures video. A recent video asked, What would you do if you became CISO?
Hot on the heels of our Building an Early Warning System paper, we have taken a much deeper look at the network aspect of threat intelligence in Network-based Threat Intelligence. We have always held to the belief that the network never lies (okay – almost never), and that provides a great basis on which to build an Early Warning System.