In this action-packed episode we talk about how best to name a new infosec product. Before we get to that though, we give a reverse shout out to @zyx2k as he kindly mentioned us in a talk he gave… so we mentioned him because he mentioned us and I guess now he’s got to mention us again and things are going to end up in an infinite loop.
Also, Bsides London 2013 has a rookie track which is ideal for first-time speakers. Rookies get assigned a mentor who will help them pull together a talk and slides and give guidance throughout the process. The more experienced speakers can sign up to be mentors, a win-win situation. For more details on Bsides London visit the newly designed website http://www.securitybsides.org.uk
A lot of companies let employees bring their own devices, like mobiles, to connect to work and be more productive at less cost – but how do you manage the data on these devices that aren’t owned by the business? What happens when someone loses the phone? As long as you can track it down, you can blow up the car in which it was left and your corporate secrets will remain perfectly safe.
We hear a lot about the death of Anti-virus software, how it’s obsolete, doesn’t do much, can be bypassed and all that good stuff. It’s the kind of topic I avoid exposing young Girl Cynic to, but she read about it and so we ended up having a discussion around it.
Did we reach any conclusions? Did we solve anything? Is AV dead, a zombie, or alive and kicking living on a ranch with Elvis?
Well, we can’t answer all the questions can we… and we spent far too long making the video because somebody kept getting the giggles! (some bloopers at the end).
Security and privacy are sometimes used synonymously, at other times they are used as separate entities and at other times they are used as co-dependent on each other. But what is the truth? I ended up having this discussion with Brian Honan whilst at RSA Europe and he explained his point of view with this good analogy that I have tried to capture on the small screen.
What do you think? What are your views? An aspect that this video doesn’t dare delve into is the myriad of different privacy laws and regulations that differ from country to country and even within countries. It all makes my brain bleed!
RSA Europe 2012 has come to an end. It will be a memorable conference because I got the chance to be part of a panel debating whether users should be given infosec awareness training or not. It was an enjoyable experience and I can update my profile to say I’ve spoken at RSA – does it get any cooler than that? Well, only if you’re Josh Corman, who seemed to be part of every other talk at RSA. Despite this, I didn’t get a chance to see any of his talks – how lame is that?
Not holding back my feelings on the other panelists
Well, that’s the life of an analyst. It’s the seedy underbelly of the analyst lifestyle that you don’t get to see behind the glitz and glamour. Well, there’s a reason analysts and members of the press get free passes to a lot of conferences, and I’ve got a sneaky suspicion that it isn’t to see all the talks. That’s not to say I didn’t get to see any talks – I went to the keynotes which were very well executed if a bit wrong on content. James Lyne gave an always entertaining and informative presentation while Brian Honan showed people how to hack senior management. I’m sure I saw other talks too – but after 3 days of buzzing around, speaking to a myriad of different people, everything ends up being a bit of a blur – if only there was some way to intelligently analyse all the big data in my cloudy memory.
Buzzword bingo aside – it’s great being able to speak with some people far more intelligent than myself (which is nearly everyone) and just bounce ideas around, get a better understanding and broaden your horizons.
Like any conference when it ends you have mixed feelings of relief that it’s over and you can get back to ‘normal’ life, where a part of you doesn’t want to say goodbye to all your friends who’ve come in from far and wide who’ve joined you on the roller coaster ride. The best thing though was that once it was all over I didn’t have to pack no bags or catch a flight, but rather simply got on my motorbike and rode home. Which got me thinking about the pros and cons of attending a conference in your hometown.
The biggest pro would have to be that you get to sleep in your own bed every night.
The con would have to be that you don’t get to discover a new city with strange people you met off twitter just because they claim they are a security person.
It’s the question most commonly asked by the masses. On the tip of everyone’s tongue yet never answered…. until now. This is the video “they” tried to ban, but I escaped from the inner circle with Space Rogue to bring you the most revolutionary video ever – how to become an Infosec Rockstar!
So I spent the last week at (ISC)2 second annual congress conference held in the city of brotherly love that is Philadelphia. Luckily or unluckily, I didn’t get to experience any brotherly love whilst there, which may be a good or bad thing – I’ll never know.
The conference is co-hosted with ASIS. By which I really mean that ASIS is very much the dominant conference, I heard it is in something like its 50th year or so and has one of the biggest vendor halls I’ve ever been to. It really is humongous with a wide selection of physical security vendors ranging from CCTV cameras, gates, man-traps, trained dogs and drone tanks that seek out and defuse bombs. You can’t help but think a SIEM or firewall vendor would just pale in comparison if they tried to set up a stall. Although what was rather fun was watching some of “our” guys i.e. IT Security guys talking to some drone manufacturers about how secure their remote transmission protocols were and whether or not they could take control of their devices and turn them against them. But that was the exhibition hall and a very interesting place to visit. It just goes to show, if you have a nice product with blinky lights that makes whizzing sounds, you don’t need no booth babes.
I’ve spent the last couple of weeks travelling a bit due to work and this week I’m at the ISC2 congress conference in Philadelphia. Here are a couple of videos I’ve made whilst on the road – none of which relate to security!
So websites – even really large ones – have some serious security flaws and it’s disturbing. Yet they don’t seem to care much. Guys like Troy Hunt are doing a great job bringing these issues to light. In this video Girl Cynic and I ponder over some of these issues.