Blog Posts

I will be taking part in this Dell Security Think Tank on the 17th of September.

The Unglamorous Work of a Security Practitioner

Here is a stack of 105 computers we are surplusing at work after 5 years in service.

Before they get sold at auction it is my job to make sure all the data is securely and permanently removed from the drives.   For this tedious job I turn to a copy of DBAN to wipe the drive 7 times (also known as the DoD 5220.22-M wipe).  It takes about 4 hours per PC so for most of the last 3 weeks I have been babysitting this stack of computers to make sure they finish correctly and without errors.

This is what “real security” work boils down to for most practitioners.  As much as I want to pretend that my job is chasing down hackers, adding new firewalls and yelling cheesy movie lines… it is taking care of the little stuff like this, which ensures we don’t sell our users’ data, that is one of the most valuable things I do at work.

Not What I Want To Do, But Who I Want To Be

As I sit in the seat of Row 28 (No upgrade for me today!) on a flight from San Francisco to Chicago I have plenty of time to think about what kind of person I want to be.   A lot of people have a bucket list of places they want to go, things they want to do and people they want to meet.  I have one of those lists also but I figured it was time to sit down and write a list of what I want to be.

Here is my “Who I want to be” bucket list:

I want to be a GREAT father and husband.

I want to have self-respect and dignity.

I want to be confident but not egotistical.

I want to be an awesome friend, colleague and mentor.

I want to be motivated and challenged every day that I wake up.

I want to have a feeling when I am 75 that I have spent my time well.

I missed the easy ones on this list, right? Don’t I want to be rich, successful, popular, happy and rich?  I think those are all byproducts of being the things on this list and can’t be totally achieved outside of these goals (theoretically I could start playing and win the Powerball). Hopefully in 40 years I can pull this list off of archive.org on my iPad 87 and be able to put a big fat check mark by each line.

Thank You Fitbit!

Last Friday I was going through the security line at the Atlanta airport and somewhere between putting my Fitbit Flex in the gray bin along with my phone, belt, watch, wallet, blazer, laptop, other laptop and shoes it got lost, stolen or maybe abducted by aliens.

So I do what I always do when something doesn’t go my way… I complained about it on Twitter:

By the time I had landed in Chicago I had this reply from Fitbit:

I filled out the form and got on the plane to Columbia.  When I got home I had an email from Ana B at Fitbit asking me for my mailing address and yesterday this was in my mailbox:

I am very thankful and amazed that Fitbit would do something as nice as ship me a brand new Fitbit Flex for something that obviously wasn’t their fault and they had nothing to do with.

I was always super impressed with my Flex before this but now they have a fan for life.

Rules for the First Day of Preschool

My son is starting preschool tomorrow and I am going to sit him down and tell him this about school:                     

Listen to your teachers.

You don’t have to get naked to go to the bathroom.

Ask questions!

Help pick up!

It is OK to be nervous.

Play with everyone.

You don’t have to be first in line… everyone will get a turn.

Share, Share, Share.

Wash your hands.

Everyone loves a high five.

Everyone is different.           

Eat fast.

Do something different at recess every day.

Hug kids who are crying.

Not everyone will like Teenage Mutant Ninja Turtles.

Have fun!

Be Yourself!

The day I about died at the Omni in Atlanta.

Keeping Hackers Out Of Your Capitol



Today I am lucky enough to get to present at the National Conference of State Legislators Annual Summit on “Keeping hackers out of your Capitol”. This is a great subject I get to bring to legislators and legislative staff from around the world.

My talk this afternoon breaks down to three main areas:

Security Awareness:
Every successful security program is based on a good security awareness program.  If you are not giving your end users the information and tools to help you keep your network secure you are setting yourself up for failure.

Improved Infrastructure:
Money. There I said it.  Good security isn’t cheap. Great security is expensive.  If you haven’t updated your firewall in the last 3 years you have the 1973 Ford Pinto of firewalls.  If you haven’t invested in a patching system or aren’t running a black hole system like OpenDNS you are exposing your network and users to an unnecessarily high level of risk.

Management Buy-in:
Getting management buy-in in a legislative environment is amazingly easy.  Just get hacked.  Your budget increases, you get the tools and staff you need.  Reporters call you. You may get fired. You are truly living the dream.

Getting management buy-in without putting your job at risk is a much harder task.  It takes soft skills that most security people are not known for.  It takes the ability to talk convincingly to legislative leaders and administrators about why they need to spend money to stop something that they think may not happen (Who wants to hack us?).

Hopefully this talk leads to a bunch of change-inducing conversations with legislative leaders from around the world.

Integrity is doing what’s right even though it costs you and no one will ever know about it.
