Blog Posts

44CON: Security Lessons from Dictators, Con-Flu and my Family Coat of Arms.

I was lucky enough to spend last week in London attending one of the best-organized and friendliest conferences I have ever had the pleasure of speaking at. 44CON has the DerbyCon “All in The Family” model of a small, intimate conference down, with a crew that DefCon would die to have.

I arrived in London on Tuesday morning and spent Tuesday and Wednesday riding the tube and checking out the hottest tourist spots in London:

I even found my family's British Coat of Arms (or was ripped off by a tourist trap):

By late Wednesday afternoon when I made it back to the hotel I was tired and had caught a nasty cold that gave me the title of patient zero of 44Con-Flu.

Thursday I rolled out of bed just in time to walk over to the conference center and get into the green room before my talk on “Security Lessons from Dictators” was going to start. I was sure I was going to be the first person to ever throw up on stage at 44CON, but Dominic Spill saved me by awesomely running to Tesco and getting me a vitamin water and a Lucozade (which is an English miracle drug). I made it through my talk, which was very well received, and back into bed for a 5 hour nap before I showed back up for the InfoSec vs Technical panel, which was extremely fun to be part of.

I was doing a little better by Friday and was able to catch most of the hidden track talks, which, due to the Chatham House Rule, I think I can only tell you were extremely awesome.

Steve and Adrian have a really good thing going on in London, and if you have a chance to attend, speak at or sneak into 44CON in the near future I would suggest that you do it.

I will be taking part in this Dell Security Think Tank on the 17th of September.

The Unglamorous Work of a Security Practitioner

Here is a stack of 105 computers we are surplusing at work after 5 years in service.

Before they get sold at auction it is my job to make sure all the data is securely and permanently removed from the drives. For this tedious job I turn to a copy of DBAN to wipe the drive 7 times (also known as the DoD 5220.22-M wipe). It takes about 4 hours per PC, so for most of the last 3 weeks I have been babysitting this stack of computers to make sure they finish correctly and without errors.
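A post-wipe read-back check, added here as an example and not part of the original post or of DBAN: it reads every byte of a drive (or an image of it) and records whether anything other than 0x00 survived, which is the “finished correctly and without errors” check in script form. It assumes the wipe's final pass zero-fills the drive; the asset tags and the sample images are constructed placeholders, and on a real machine the path would be the block device under test.

```python
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB reads keep memory flat even on multi-TB drives


def scan_for_residue(path, chunk_size=CHUNK):
    """Read every byte of a block device or image and look for anything that
    is not 0x00. Returns (total_bytes, nonzero_bytes, first_nonzero_offset);
    first_nonzero_offset is -1 when the device is clean."""
    total = nonzero = 0
    first = -1
    with open(path, "rb", buffering=0) as f:
        while True:
            buf = f.read(chunk_size)
            if not buf:
                break
            zeros = buf.count(b"\x00")
            if zeros != len(buf):
                if first < 0:
                    first = total + next(i for i, b in enumerate(buf) if b)
                nonzero += len(buf) - zeros
            total += len(buf)
    return total, nonzero, first


def evidence_line(asset_tag, path, chunk_size=CHUNK):
    """One-line record for the surplus log: which asset, what was read, PASS/FAIL."""
    total, nonzero, first = scan_for_residue(path, chunk_size)
    status = "PASS" if nonzero == 0 else "FAIL"
    return (f"{asset_tag} {path} bytes={total} nonzero={nonzero} "
            f"first_nonzero={first} {status}")


def make_sample_image(size, residue_offset=None):
    """Constructed test image (not a real drive): all zeros, optionally with
    one leftover byte at residue_offset to simulate an interrupted wipe."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.truncate(size)  # sparse file, reads back as zeros
        if residue_offset is not None:
            f.seek(residue_offset)
            f.write(b"\x41")
    return path


if __name__ == "__main__":
    clean = make_sample_image(4 * CHUNK)
    dirty = make_sample_image(4 * CHUNK, residue_offset=3 * CHUNK + 17)
    print(evidence_line("ASSET-0001", clean))  # placeholder asset tag
    print(evidence_line("ASSET-0002", dirty))  # placeholder asset tag
```

A FAIL line points at the first offset that still holds data, which is usually enough to tell an interrupted pass from a drive that never got wiped at all.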

This is what “real security” work boils down to for most practitioners. As much as I want to pretend that my job is chasing down hackers, adding new firewalls and yelling cheesy movie lines… it is taking care of the little stuff like this, making sure we don't sell our users' data, that is one of the most valuable things I do at work.

Not What I Want To Do, But Who I Want To Be

As I sit in the seat of Row 28 (no upgrade for me today!) on a flight from San Francisco to Chicago, I have plenty of time to think about what kind of person I want to be. A lot of people have a bucket list of places they want to go, things they want to do and people they want to meet. I have one of those lists also, but I figured it was time to sit down and write a list of what I want to be.

Here is my “Who I want to be” bucket list:

I want to be a GREAT father and husband.

I want to have self-respect and dignity.

I want to be confident but not egotistical.

I want to be an awesome friend, colleague and mentor.

I want to be motivated and challenged every day that I wake up.

I want to have a feeling when I am 75 that I have spent my time well.

I missed the easy ones on this list, right? Don't I want to be rich, successful, popular, happy and rich? I think those are all byproducts of being the things on this list and can't be totally achieved outside of these goals (theoretically I could start playing and win the Powerball). Hopefully in 40 years I can pull this list off of archive.org on my iPad 87 and be able to put a big fat check mark by each line.

Thank You Fitbit!

Last Friday I was going through the security line at the Atlanta airport and somewhere between putting my Fitbit Flex in the gray bin along with my phone, belt, watch, wallet, blazer, laptop, other laptop and shoes it got lost, stolen or maybe abducted by aliens.

So I did what I always do when something doesn't go my way… I complained about it on Twitter:

By the time I had landed in Chicago I had this reply from Fitbit:

I filled out the form and got on the plane to Columbia.  When I got home I had an email from Ana B at Fitbit asking me for my mailing address and yesterday this was in my mailbox:

I am very thankful and amazed that Fitbit would do something as nice as ship me a brand new Fitbit Flex for something that obviously wasn't their fault and they had nothing to do with.

I was always super impressed with my Flex before this, but now they have a fan for life.

Rules for the First Day of Preschool

My son is starting preschool tomorrow and I am going to sit him down and tell him this about school:

Listen to your teachers.

You don’t have to get naked to go to the bathroom.

Ask questions!

Help pick up!

It is OK to be nervous.

Play with everyone.

You don’t have to be first in line… everyone will get a turn.

Share, Share, Share.

Wash your hands.

Everyone loves a high five.

Everyone is different.

Eat fast.

Do something different at recess every day.

Hug kids who are crying.

Not everyone will like Teenage Mutant Ninja Turtles.

Have fun!

Be Yourself!

The day I about died at the Omni in Atlanta.

Keeping Hackers Out Of Your Capitol

Today I am lucky enough to get to present at the National Conference of State Legislators Annual Summit on “Keeping Hackers Out of Your Capitol”. This is a great subject that I get to bring to legislators and legislative staff from around the world.

My talk this afternoon breaks down to three main areas:

Security Awareness:
Every successful security program is based on a good security awareness program. If you are not giving your end users the information and tools to help you keep your network secure, you are setting yourself up for failure.

Improved Infrastructure:
Money. There, I said it. Good security isn't cheap. Great security is expensive. If you haven't updated your firewall in the last 3 years, you have the 1973 Ford Pinto of firewalls. If you haven't invested in a patching system or aren't running a black hole system like OpenDNS, you are exposing your network and users to an unnecessarily high level of risk.

Management Buy-in:
Getting management buy-in in a legislative environment is amazingly easy. Just get hacked. Your budget increases, you get the tools and staff you need. Reporters call you. You may get fired. You are truly living the dream.

Getting management buy-in without putting your job at risk is a much harder task. It takes soft skills that most security people are not known for. It takes the ability to talk convincingly to legislative leaders and administrators about why they need to spend money to stop something that they think may not happen (“Who wants to hack us?”).

Hopefully this talk leads to a bunch of change-inducing conversations with legislative leaders from around the world.