The Art of Keeping Things Done

The current field of information security is largely one of arcana, vagueness, arbitrary views, philosophy, mountaintop sages, a general lack of reliable data, and legions of vendors selling “best practices.”

It was my hope that I could help out a little by giving a talk on my take on how our industry can best navigate during these turbulent and weird times and come toward relevance and transparency.

That’s enough of a preface. Here’s the talk I gave at the Seattle NAISG meeting this month.

The Politics of Respect

There is a lot of perennial talk of social engineering and direct project/resource management. Attempts to solve complicated political situations with manipulation or a slick widget tend not to work very well over time. They are not addressing the underlying issue.

The wedge of compliance or a mandate from a framework may get some base requirements [...]

Federal Data Breach Bill (H.R. 2221) Passes House

H.R. 2221 defines personal information as, “an individual’s first name or initial and last name, or address, or phone number, in combination with any 1 or more of the following data elements for that individual:

(i) Social Security number
(ii) Driver’s license number or other State identification number
(iii) Financial account number, or credit or debit [...]

The Trials of Toorcamp

Toorcamp was many things this year.

It was fun.

It was uncomfortable.

Dustdevils ate things occasionally.

It was turbulent due to the trouble with Levitate to get hackers to help promote their event for free or they wouldn’t fulfill their agreement to let us use the missile facility for talks and workshops.

There was some excellent music.

There were fine people in attendance as it took some dedication and preparation to get out there and stay there.

Enough said about that. I was expecting more problems. More can be found at the Toorcamp wiki.

My presentation at this Toorcon Seattle area hacker retreat concerned itself with three main points.

  1. How to get a job in today's market
  2. Identifying the common players and bad actors in today's organizations
  3. How I recommend dealing with them

I entitled my talk Hacking HR in the traditional usage of the word hack. I’ve seen a lot of usage that uses “hack” as a synonym for small tips on how to accomplish obvious tasks. This isn’t how I use the word.

Anyway, let’s get started.

My talk at Seattle Toorcon 2008

I gave a little talk this weekend at the second Seattle Toorcon.

My presentation is as follows, though as usual, I ad lib when presenting. Video may appear in the future.