Talking Out Loud with ASB

A look at Microsoft’s SIR v14

2013-05-08T21:04:43Z

So…. I finally had a chance to finish reading the latest full edition of Microsoft’s latest Security Intelligence Report . There’s a lot of really good info in the report. The executive summary also does a good job of highlighting key points. That said, I had a couple of observations of my own that others might find interesting. Systems Management Overall, the data led me to conclude that people who keep their operating systems up to date – whether we are talking versions or patches/service-packs...(read more)

Dueling Business Mindsets

2013-05-01T02:59:08Z

If there is one lesson that technologists need to understand in order to be successful, it’s that business is ultimately more about people than about process or technology . At the end of the day, how people think, behave and operate will have be the greatest influence on the success of any organization. With that said, it has been my observation that every single business operates in two contexts or modes. For now, we’ll call them Mode 1 and Mode 2 , where Mode 1 is the normal or typical...(read more)

Enhancing My WLAN with a Meraki MR12

2013-04-05T17:05:21Z

I finally got a chance to deploy a Meraki MR12 wireless access point . These are some sweet devices. I wasn’t that happy with the PoE brick that it comes with for power, but getting it setup has been quite pleasant. As an enterprise device, it supports all sorts of options for authentication, including RADIUS authentication, and LDAP. I still have to get the SNMP monitoring configured, even though I was able to get the MAC-based authentication via RADIUS configured without much stress. It is...(read more)

Wise Security Investment Approaches

2013-03-01T03:42:20Z

A holistic approach to information security needs to address a corporate strategy for buying or building solutions. Such a strategy will have an impact on how a company looks at staffing and technology investments. There are two basic ways to look at major investments of information technology and information security: you can buy or you can build . Option A: The BUY model In this model, an organization selects industry standard tools and technology, and aims to hire above-average to guru-type employees...(read more)

The Futility of Blaming IT

2013-01-22T04:22:38Z

In recent years, it has become popular sport to blame information technology (IT) departments and IT leaders for failures – real or imagined – which adversely impact business operations. Even some technology trade journals seem unable to get through a single issue without finding some point upon which to lambast a CTO or CIO for not “stepping up to the plate”, or adding value, or some other business sin. This trend was clearly seen in two recent articles on InformationWeek ( 6 Ways IT Still...(read more)

Reading Between the Lines of Breach Notifications

2013-01-18T17:42:02Z

Back in September 2012, I wrote two articles for Point2Security on how to effectively handle breach notifications: The Who of Post-Breach Communication Post-Breach Communication: The Importance of How & When Sadly, to many organizations are doing something entirely different when it comes to post-breach notifications. I like to take the time to read various breach notifications and see if I can get additional clues from what is said and how it has been said. Let’s take a couple of recent examples...(read more)

Get Real with Information Security

2013-01-01T04:22:40Z

In 2012, the writers of malware and the attackers of networks were very busy, using both social engineering and increased technical sophistication to fuel an increased number of attacks. Not incidentally, mobile devices just flew off the shelves this year, with predictions that over 122 million tablets and some 717 million smartphones will have been sold when the tally for 2012 is complete. Quite a few of those devices were connected to corporate networks, and even more will be connected next year. ...(read more)

Job Hunting: It’s All About Relationships

2012-11-30T21:00:47Z

Earlier this week, I read an article about unemployment and the struggles of those coming out of college and graduate school who are seeking jobs. A surprising number of people were simply spouting the rhetoric that people who don’t have jobs are simply lazy and feeling entitled. May God have mercy on those who posted, such that they never have to be out of work in this economy. The whole planet is not divided into Lazy and Successful. At least some of the people who are successful (or...(read more)

Why We Have No Online Privacy

2012-09-21T21:15:38Z

Earlier today, as I read a very self-serving article lamenting how online growth will be killed due to impending “Do Not Track” legislation , it became very clear to me why online privacy in the US is almost entirely non-existent. As a society in the 21st century, we have willing accepted the idea that in order to be able to obtain anything useful without paying money up front, we need to give up our data and let others regulate it as they see fit. This has become so ingrained in our collective psyche,...(read more)

Securing Your Storage - Part 1

2012-08-14T19:39:41Z

If you’re going to make use of cloud-based storage, it is a good idea to ensure that you keep it secure. Unless you are absolutely, positively certain that you will never, ever put anything in there that you wouldn’t want to find in a public place, you’re going to need to consider encryption. Even if you don’t care about the data, you should really be looking at encryption options. I’m currently using storage from DropBox , Box.com , SugarSync , SkyDrive and (as of a couple days ago) SpiderOak...(read more)

Dear Recruiter: Help Me Help You

2012-07-13T14:41:33Z

As we head into the second half of 2012, I average about 3 to 4 calls/emails from recruiters per week. In contrast to the overall job market which is still not doing so well, the market for information technology professionals is quite lively, especially in and around the metro areas. Hot skills include the following: information security unified communications virtualization and cloud mobile development anything that has Citrix in it This is by no means a comprehensive list, but I am...(read more)

I’m Tired of Registration Walls

2012-06-20T22:29:40Z

Note to the heads of sales, marketing, and web site development: I’m tired of your registration walls (regwalls), and will no longer be supporting them. I realize that you want to know who is looking at the materials you are producing, that you are trying to measure the ROI of your promotional endeavors, and that you are seeking for any and every means to monetize the interactions you have with existing and potential customers. I get all that, but I’ve had quite enough, thank you. I do...(read more)

So, You Want To Be a Technology Consultant?

2012-06-14T23:03:36Z

{EAV:94066b12a52ac57b} Doesn’t everyone want to be a consultant? Probably not… There are some clear advantages to working for yourself, and there are some clear disadvantages. Likewise, there are some PROs and CONs of working for someone else, and it for each person to determine for himself if consulting is right for him. The only question I am trying to answer today is how to enter the realm of technology consulting for those who might be so inclined. Yes, there is more than one way to become...(read more)

Making the Most of Social and Professional Networking

2012-05-22T16:12:21Z

As social/professional networking continues to proliferate, users and organizations alike, seek to find the ways to make the most of the growing trend. A recent infographic shows just how complicated it can be for marketing departments to try and cover social media. Similarly, many people are wondering just how much time they need to spend on social networks in order to see any value from the effort. Here are the top questions which challenge individuals: Do I need to be on any networks at...(read more)

Managing Your Personal Security

2012-04-01T04:00:00Z

In the past few days, we learned that Global Payments Inc, a middle-man credit checking company, suffered a breach of its systems starting in January of this year . It has been speculated that up to 10 million card holders might be at risk. Even with the growing trend of these types of attacks, your personal security both online and offline is still heavily dependent upon your own behavior. The sites you visit, your personal account management and password policies, and the data you post...(read more)