This is the first part of my podcast interview with Edward Schwartz, CSO of NetWitness. In this installment, Mr. Schwartz comments on regulatory compliance as a driver for security spending. He shines a light on how a myopic focus on compliance can be dangerous to the organization.

SecurityBinge – a team composed of Chris Martin aka pr34ch, Tim Elrod aka ri0t, and Stefan Morris aka Janus – are forging a video podcast show addressing information security from the hackers’ perspective. SecurityBinge, according to its founders, “will have a community-driven focus in the delivery of its high quality video productions.”
According to Sun Tzu, the Tao is the Way – the context that defines how actions are perceived and valued. In a business context, corporate values and culture define the Tao. The success of any strategy depends on how it is supported by the Tao.
Gartner points out that encryption must be extended to all personal computers, not just company servers. Encryption not only addresses data leakage during personal and business use, but also when the hardware is retired. Discarded hard drives are often salvaged for the information they store. Gartner recommends using strong encryption on files containing such information. Encryption Security Solutions' eSafe addresses this need.
According to Avishai Wool, CTO and co-founder of Algosec, 25% of firewall rule changes are unnecessary. This post summarizes a Black Hat interview discussing the factors that influence firewall efficacy.
What are we really selling when it comes to security? Pt. 2 of my Black Hat interview with Barmak Meftah highlights three security-spending catalysts. One must understand the goals and values of the business in order to use these catalysts successfully.
Malware is evolving from annoying popup ads to stealthy monitoring of user-system interactions. The business risk of malware is evident in the recent Heartland Payment System breach. This is the first part of a Black Hat interview discussing the threat and mitigating controls.
According to Fortify's Barmak Meftah, “you can't blindly identify problems inside of code without taking the risk element into account.” This is the first part of a BlackHat interview discussing the current state of application security and Mr. Meftah's vision of the future.
DefCon 17 is upon us, but do you know what it is? This installment highlights my initial impressions of this convention.


