Monday, April 15, 2013

It was bound to happen sooner or later...

Well - it happened.  Brian Katz (@bmkatz) gave me a soapbox to stand on last week - and this is the result.

We covered a range of items over the course of 40+ minutes about all things Mobile, IDAM, Data Classification, and more. We'll see if this turns into something of a go-forward model for getting the message out to the masses :-O

What this also means is that I will have to dust this blog off and get back into a publishing groove - in a good way.


Friday, January 20, 2012

Oh, and by the way...

Will be heading to Shmoocon 2012 (missed last year - no tix), with the PSU @TracyBP, and our good friend @SheilaA.  Hopefully no Snowpocalypse this year (2010).   Tracy knows the drill with Shmoo, she has been several times with me before. But Sheila will be a noob.  Trying to not overly freak her out, but over the years she has been riveted with the stories I come back with... heh..

Whoo Hoo! Heading to RSA!

Well...   The long drought is over.  I'm heading back to RSAC for the first time since - 2007??? Time to see if I can reconnect with some old friends, meet new ones, and re-discover the various side-shows which invariably pop up over the course of the week.   

More to come.

Monday, December 06, 2010

I'm baaaaaaack.......

Never left really, just went underground for a bit - sort of an InfoSec Cicada.  I supposed I had to start this blog up again at some point.  If nothing else, it will help me convince myself that the more things change, the more they stay the same and that the InfoSec space is in serious danger of becoming irrelevant.

Friday, July 10, 2009

Random items - it's Friday, and the sky hasn't fallen yet this week...

Some random things this morning…

InfoSec related, sort of… First few days of class have gone by, and I am finally getting my schedule down. Up at 0400 hrs, brew a quart of Starbucks Sumatra (which has a “capricious spirit” and is an “adventurous coffee” by the way?) answer my section’s students’ email, review discussion posts, and generally look over what my section has done so far. Finish up by 0530 hrs or so, and then get ready to go in to the office for my day job. Come home by 1900 hrs, log back on to Blackboard, and do it again. Offline by 2300 hrs or so, and then off to catch a few hours of sleep.

To Con or Not to Con? Still trying to decide whether or not to hop a flight out to DC this year. BH is out, unfortunately, no budget for that amount. The $150 for DC is a whole lot more affordable, assuming I don’t lose it to one of the slots on the way out of the airport. A good friend, Mike Murray is speaking at DC this year, and I would encourage anyone to slide into his presos.

Also have been trying to come up to speed on my son’s new MacbookPro. He’s off to college in the fall, majoring in Film and Photography. His school requires incoming freshmen to have a MBP, and he was overjoyed at the prospect of getting one of the latest models. We waited until WWDC, and then placed an order. After having seen one of the new MBPs, I can say that I (almost) could be swayed.

Anyway – I’m starting to have discussions with him about the ugliness that exists beyond the boundaries of what has to date been a relatively safe environment. No more house firewalls or content filtering, no more watchful eyes… After about ten or fifteen minutes of outlining some “safety” measures, the glaze-factor started to kick in. If you have teenagers, you know exactly what I mean. So – I showed him some old Wireshark traces I took on my occasional rides from Boston to Washington on the Acela. When I explained to him that I was able to see users’ accounts, their passwords, email, web surfing habits, while traveling down the rails at a rapid clip, he started paying attention.

I guess the short version of this post is that getting the Information Security message out solely by traditional educational means may not work. If you want to get someone’s attention – a direct, hands-on demo is what does it for most, and especially teens. I see their population most at risk because whether or not one wants to believe it, they are the most connected generation and will far surpass us in their permanent connectedness. They take being connected for granted, and more importantly, do not see the dangers lurking just under the surface.
I’m rambling at this point – so enough for now. I have to get on the road to my Day Job.

Bill P

Monday, June 29, 2009

2009, and then some...

Well, it’s good to see that InfoSecToday is still alive and well. I’m still alive, and as far as being well, well you know how that goes… Lots of changes over the last year or so - Still married (the same one), still have a job (the same one), have two kids in college now (the same ones), but a lot less in the 401k. I’ve been through two different iPods, and am on my second Zune (a big one). It is amazing how much stuff you can cram into a space no larger than a pack of cards. More on that in a later post.

One of the sad / scary / frightening highlights of the last year or so was my six week “vacation” from my InfoSec day-job. I’m not sure if you have had an opportunity to serve on a jury, but if you are ever called, please, do not try to wrangle your way out of this civic duty. Early in March of 2008, I got a rather fat envelope from the Rockingham County Court, and my first thoughts upon getting the fat envelope were “..what did the kids do this time???”. But as soon as I opened it up and saw the subject line, my skin got cold. After almost thirty years of not being called for duty, my number came up. Six weeks later (yes, six weeks in a box) we issued our verdict – Sane and Guilty of Murder in the First Degree on two counts. You can hear my 47 seconds of internet fame here announcing the verdict to the court clerk. Oh – and as to the trial? You couldn’t make this stuff up. Pick your favorite search engine and look for “Sheila LaBarre”.

Tech-wise – I’m up to seven email accounts (no – don’t ask why), and I’m on Twitter, although I’m not fully sold on that one yet primarily due to the “noise” level and form-factor. If you want to do some following, drop me a line, and I’ll tag you as someone I might trust. Maybe.. Con-wise, the big E-Ticket rides are a thing of the past (at least until either the economy rebounds or college costs abate), and maybe that’s not a bad thing, really? I went to my second and third ShmooCon events in the interim, and this year managed to convince my wonderful, tolerant of my whims, and now frightened out of her wits wife to come with me to ShmooCon09.

If I had to summarize the state of affairs of Information Security over the last 18 to 24 months in one word it would be “desensitization”. More to come on that thought next time…

Bill P

Friday, March 23, 2007

ShmooCon 07 Day One (well mid day maybe)

For those that don't believe that I'm here - here is my notebook, and official ShmooCon 07 badge. So there.. Kind of my poor-man's conference two-factor authentication. Something I've had for a while, and something I have now.

There also happens to be some type of Medical Professional conference here at the Wardman Park, too. The Society for Behavioral Medicine, or something like. I can think of no two better segments of society to be collocated for several days… While milling around this morning, it was quite funny to watch each group watching each other. Kind of like wolves and sheep, maybe? TSG has set some pretty strict rules about not hacking the locals – hopefully most will comply. So far – some of the familiar faces – Simple Nomad of course (who could miss him? - interesting boots by the way) although he doesn’t know me (only met twice), and rumor has it that our own SBN Martin McKeay is here too, apparently hosting a party this evening at Chipotle over on Connecticut Ave. We’ll see if they let me in. I’m apparently way overdressed for this venue, with my Dockers and Polos. Oh well.. I’ll change the color of my Polo tomorrow. Maybe I’ll blend in better tomorrow when everyone (mostly) is hungover..

Bill P

Where's Bill P? (been)

Been busy with my day job... Very busy... But - not for the next few days. I'm down in DC at ShmooCon 2007. If I can keep my wits, keep up with grading my students' work (Boston University), and keep the work emailbox down to a dull roar, I'll try doing a few posts while on the lam here in DC. Already I've run into a few familiar faces (in the bar of course), and hope to see a few more.

More tomorrow.

Bill P

Friday, February 16, 2007

The Business of IT is the Business. Period.

Wow. Great post by Mark over at the SecurityBuddha. I’ve been saying this for years (well, maybe a couple anyway). One of the biggest hindrances to effectiveness and efficiency in an IT shop is IT itself. I still see kids coming out of school, whether it’s undergrad or grad, that do not have a good grasp on what it means to be in IT. The Business of IT is the Business. Period. All too often I see organizations that can’t get out of their own way because their processes are so ingrained and inflexible. What we really need (borderline heresy from an IT guy) is more technically oriented MBAs. It’s these types that can probably bridge the gap. The days of IT knows Best are long, long over… What is more frustrating - the fact that we still are not getting well-rounded IT grads, or the persistence of self-serving IT organizations? I'm not sure, but maybe it's both. I was in a conversation the other day (which I cannot share), and I swear it was almost like ObiWan was there saying "Those are not the IT services you are looking for..." as he waved his hand towards the technically challenged business folks. I happened to be with my Business partners, and the instant level of frustration was scary, and real. I felt bad, and spent the remainder of the day trying to reconnect the dots that had been scattered during that phone call. It is an interesting take that it generally is the IT Security guy/gal that can do that, however, and shouldn't be lost on anyone. The best thing that can happen to us in our profession is that someday, we'll no longer be needed. Think about that one for a bit ;-).

Bill P