Most of us in the information security industry long ago recognized that we could not eliminate every risk and threat to our data and networks. Instead we have tried to manage that risk to acceptable levels, with acceptable being in the eye of the beholder. An entire information security risk management industry has sprung up over this time. But, have we missed the boat on risk? Has the risk management space been hijacked by the vulnerability management crowd?
We have settled on a formula for risk being:
Risk (R) = Threat (T) x Vulnerability (V)
But is that the correct formula to use? Are there other factors that need to be considered?
I am joined on this podcast by Jody Brazil, President of Firemon, and Gary Fish, CEO of Firemon, to discuss these questions in light of Firemon's new Risk Analyzer product.
Risk Analyzer offers a new way to look at risk using risk-based scenarios. By introducing concepts such as reachability, exposure and asset value into the equation, it gives us a better measure of risk. Risk Analyzer also gives us another way of prioritizing different risks to make us more efficient.
As many of you know, I have been working with Firemon for a few months and have watched Risk Analyzer develop. The folks at Firemon have taken a great engine that was developed at the MIT Lincoln Labs and developed some great front end features to make this a complete product. I am very excited by what it offers and I think you will be too.
Have a listen as I discuss this with Jody and Gary.
Also be advised that there was a clicking in the recording (which we obviously didn't know about when we recorded this). I have done my best using my not very considerable sound engineering skills to remove it. It is still there, but it is the best I can do and I thought the quality of the conversation was much more important than the quality of the sound.
Having been in the infosec world for more than 10 years, I have learned the hard way that there are some real issues around effective security for everyone. One of them is that security is hard and seems to be getting harder. As a result, security is also very expensive. So expensive that only the largest organizations, those that put a high value on securing their assets, can afford it. In fact, some studies show that large organizations spend on average about 3.5 million dollars a year on security. Frankly, even that is not enough given the current state of cybersecurity. But even assuming that number is adequate, who has 3.5 million to spend today?
The fact is that most organizations live "below the security poverty line". One of my friends in the infosec world and someone who many follow is Wendy Nather, director of research for enterprise security at the 451 Group. Wendy has real world experience as a CISO at both private and public organizations. She is extremely bright and dialed into the infosec scene. She co-authored a report titled "Security Below the Poverty Line". Wendy's research shows that most organizations don't have anywhere near the resources required to do security right.
I actually wrote a follow-on to Wendy's report on Secure Cloud Review (another place I blog) titled "Brother Can You Spare A Dime: Life Below The Security Poverty Line". In it I detailed that, like the real poor today, security-poor organizations may make do on a "high carb" diet of security that lacks "protein". By that I mean they have minimal security that gets them "fat" but doesn't really do the job. Anyone who is working in security recognizes this as a real problem we all face.
I wanted to speak to Wendy about what role open source security can play to raise organizations above the security poverty line. The open source security community has always been an innovative and dynamic one. In just about every security area there is a viable open source project. So could open source be the secret weapon in the war on security poverty?
Wendy and I discuss just this and what her research shows. You can listen to our 15 minute discussion below. But let me give you some insight even if you don't listen to the podcast. The costs of security are not only the hardware and software of the security products. The human costs of security are equally expensive. Even deploying open source security projects will take experienced, qualified security know-how. That costs money, more money than many organizations can afford. So open source in and of itself is not going to be a panacea here.
There are other potential ways to address this problem. Outsourcing security is one way that can spread the cost of security over time, buying security a slice at a time instead of the whole pie at once. But again, even security as a service, so to speak, can be more than some companies will budget for security.
This is an age-old problem that those of us in the security space know well. Every survey done always indicates that security is in the top two or three priorities for every CIO. However, when it comes time to pony up the money, oftentimes their arms are too short to reach their pockets.
Wendy Nather is a great person to learn from, so please take the time to listen in and hear more pearls of wisdom from her in our discussion. Also, here's to a speedy and full recovery to Wendy, who was nice enough to record this with me just a few days before having some medical procedures performed. Good thoughts and prayers to you, my friend! The security world will not be the same until you are back up to full speed!
Finally, many thanks to The 451 Group for making a copy of Wendy's report available for free from the link in this post; it was previously only available to paying customers of the 451 Group.
I am happy to be joined today by the new VP of business development at Firemon, Ward Holloway.
Ward is a veteran of the security industry, having served many years at Crossbeam Systems working with their many partners. Prior to Crossbeam, Ward was with Checkpoint as well.
Ward just joined Firemon, and he talks to us about why he joined, what gets him excited about the company and what we may expect in the near and long term future. I have been doing some consulting for Firemon myself, so I am of course very excited to have Ward on board.
As I have written before, I have been doing some consulting for Firemon lately. One of the reasons I do is that I enjoy working and interacting with Jody Brazil, the President of Firemon. I have known Jody for a number of years since he was CTO over at Fishnet Security.
Jody is an easy-going guy who I can sit and chat with anytime. It seems before we look up we can spend hours talking about everything and nothing. That is why we had to be careful to stay on point for our Security.exe podcast this week.
Jody tells us about recent events at Firemon, as well as the forthcoming Risk Analyzer product they will be releasing. We also talk about the general state of security.
On this episode of Security.Exe I had a chance to talk with Lila Kee, VP of Biz Dev and Chief Product Officer at GlobalSign. GlobalSign is owned by CloudGMO, a large internet and technology company located in Asia. GlobalSign is their digital certificate division.
Lila tells us about the company and specifically their BioWrap technology that brings real management and control over access to data. The company recently launched a new initiative in the healthcare sector.
There has certainly been a big to-do over FISMA certification and cloud hosting. Google and Microsoft have traded barbs, insults and lawsuits over who really has the goods when it comes to being FISMA certified.
Proofpoint, a partner of Microsoft's in the cloud-based email business, has now been FISMA certified along with Microsoft regarding a USDA deployment.
But Proofpoint is more than FISMA; they are a player in the email security and archiving business. I had a chance to sit down with Andrés Kohn and discuss what Proofpoint is all about.
While most people think of Akamai as a content delivery network company, they are also on the cutting edge of security. Because up to 25% of the content on the Internet goes through their network, they have had to develop their own security solutions that work at that scale and address the problems they face.
So listen in as Andy and Michael tell us about Akamai, the security company.
Certificate proliferation has become a real problem at many enterprises. How many certificates they have, who has access and to what is something that could be keeping you up at night. Many enterprises have hundreds if not thousands of certificates floating around. Oftentimes many are not even necessary anymore, and the people they were issued to are no longer using them.
On top of this, Stuxnet has brought certificate theft into the equation. What can be done to rein in this certificate chaos? Venafi has the answer. They have just released version 6 of their Encryption Director flagship.
I had a chance to sit down with Jeff Hudson, the CEO of Venafi, to discuss the state of the digital certificate space and how Venafi is helping. Enjoy!
Mike Rothman has been appearing as a guest on my podcast for 5 years or so now. It is always a pleasure to have him on. To kick off the new year, Mike weighs in on the Dell-Secureworks deal. Who would have thought Mike would have something to say about it? Of course Mike has something to say on just about everything, but it is always fun and interesting.
Besides the Dell deal, Mike and I talk about security incidents and brand damage in reply to an article George Hulme had in Infoweek yesterday. We also touch on the RSA Conference coming up in about a month and what Mike and the rest of the Securosis team will be doing there.
One place they will be is at the Security Blogger Meet up, where the Social Security Blogger Awards will be handed out. Mike is a nominee for most entertaining security blog for his weekly Incites. If you haven't already voted, head over to this link and vote!
It is that time of year again! Starting today, voting is open for the 3rd annual Social Security Blogger Awards. You can vote at http://www.zoomerang.com/Survey/WEB22BQFS9A3BN/. Be warned that you must leave a verifiable email and blog address in order for your vote to count. Of course the winners will be announced at the Security Bloggers Meet up at the RSA Conference next month.
Before I announce the finalists, I want to give a special thanks to our all star panel of celebrity judges:
1. Bill Brenner of CSOOnline
2. Ellen Messmer of Network World
3. Kelly Jackson-Higgins of Dark Reading
4. Larry Walsh of Channelnomics
Without further delay, I am very pleased to announce the finalists for the 3rd Annual Social Security Blogger Awards:
Every single one of these blogs is already a winner, having been selected by our blue ribbon panel of judges. Voting closes at the end of the month, so please don't wait to vote!