A challenge for Josh Corman
The narcissistic side of me likes to brag that the 451 Group's Josh Corman owes his fame to me for writing about his talk on PCI as "No Child Left Behind" more than a year ago.
The article caused heated debate on Twitter and led to a two-part podcast debate I co-hosted with Network Security Podcast host Martin McKeay. The debate then turned into a road show of sorts, with PCI panel discussions at several security conferences last year, with different players in each town.
Now, I know I really had nothing to do with Corman's fame. He was already well on his way before we met at Chris Hoff's July 4 party in 2009.
He's earned his place in the community for taking on Rugged and putting together colorful presentations like this:
But I am happy to have played a role in the PCI debate. I'd like to think we're all a bit smarter about PCI and compliance in general as a result of the trouble that little story caused.
Which gives me the nerve to suggest something that'll probably make Corman annoyed with me, if he's not already.
We're seeing another acronym getting thrown around a lot these days, largely thanks to RSA's recently-announced security breach: APT, the advanced persistent threat.
Last week Corman made a comment on Twitter about APT being the new PCI.
It was said in partial jest, but there's something there, in my opinion. APT is becoming as overused among security vendors as PCI is, and that means companies will be buying security products based as much on their fear of becoming the target of an APT as they were of becoming the target of a cranky PCI auditor.
When fear drives your security decisions, those decisions often lead to other holes an attacker will eventually find and exploit.
So what do we do about that? My suggestion is a rolling debate on the APT, with Corman in a starring role. It can start with a podcast debate like we did with PCI and mushroom in similar fashion.
It's a broad enough subject that his ongoing themes of Rugged and zombies will fit in nicely.
That's my suggestion.
Now to go hide before that angry call from the 451 Group appears on my phone.
--Bill Brenner
Print
The article caused heated debate on Twitter and led to a two-part podcast debate I co-hosted with Network Security Podcast host Martin McKeay. The debate then turned into a road show of sorts, with PCI panel discussions at several security conferences last year, with different players in each town.
Now, I know I really had nothing to do with Corman's fame. He was already well on his way before we met at Chris Hoff's July 4 party in 2009.
He's earned his place in the community for taking on Rugged and putting together colorful presentations like this:
But I am happy to have played a role in the PCI debate. I'd like to think we're all a bit smarter about PCI and compliance in general as a result of the trouble that little story caused.
Which gives me the nerve to suggest something that'll probably make Corman annoyed with me, if he's not already.
We're seeing another acronym getting thrown around a lot these days, largely thanks to RSA's recently-announced security breach: APT, the advanced persistent threat.
CSO's Daily Dashboard gives you a one-stop view of latest business threats. We created it for you! Bookmark it! Use it!
Last week Corman made a comment on Twitter about APT being the new PCI.
It was said in partial jest, but there's something there, in my opinion. APT is becoming as overused among security vendors as PCI is, and that means companies will be buying security products based as much on their fear of becoming the target of an APT as they were of becoming the target of a cranky PCI auditor.
Get your morning news fix with the daily Salted Hash e-newsletter! Sign up today.
When fear drives your security decisions, those decisions often lead to other holes an attacker will eventually find and exploit.
So what do we do about that? My suggestion is a rolling debate on the APT, with Corman in a starring role. It can start with a podcast debate like we did with PCI and mushroom in similar fashion.
It's a broad enough subject that his ongoing themes of Rugged and zombies will fit in nicely.
That's my suggestion.
Now to go hide before that angry call from the 451 Group appears on my phone.
--Bill Brenner
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
WHITE PAPER
Reduce Email Archives up to 60%
Are you considering implementing a proactive archiving and eDiscovery solutions? This paper summarizes 15 separate soft cost savings when implementing Symantec Enterprise Vault and the Clearwell eDiscovery Platform.
WHITE PAPER
Aberdeen Report: To Patch, or Not to Patch? (Not If, But How)
The report explores the correlation between the current use of patch management and the level of endpoint-related risk that companies are effectively accepting.
Recent Comments
Webcasts
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- Moving Your Email to the Trusted Cloud
- Comprehensive Server Protection
White Papers
