Was in Chicago on Friday and Saturday for ThotCon and BSidesChicago.
If you have never been to a conference, I highly suggest that you go.
Not just for the speakers either. There is a whole other aspect of the conference that @Wh1t3Rabbit (Rafal Los from HP) calls the Hallway Con. He has a fantastic security oriented blog (if you want to follow the WhiteRabbit down the hole) located at http://h30499.www3.hp.com/t5/Following-the-White-Rabbit/bg-p/sws-119.

I had many interesting discussions over the weekend. One of them was with a Java developer who was attending her first conference ever and it was a security/hacking conference. I was mainly there of course for my own personal development and to support the efforts of my great friend Georgia Weidman (check her out… seriously!). During those discussions though, it was made apparent to quite a few of us that difficulties exist in the field of IT with regard to business.

There is a lot of finger-pointing and laying of blame with regard to problems and issues, especially with regard to security. InfoSec people blame developers for bad code, web-app developers blame improper use of their applications, users complain about viruses and malware and wonder why the products they buy are not more stable, the list goes on and on.

The solutions may not be easy, but they certainly are made more difficult by all this diatribe. Such solutions would be much better facilitated by honest and frank discussions among all the parties.

InfoSec professionals need to reach out to business. Yes, you want to sell your services, yes you want to make money, so do they. Some of them aren’t even aware that they have problems. Firstly, those who seriously want a paradigm shift should endeavor to change the landscape. Help business remove its blinders, talk to developers and help them understand where the weaknesses typically exist in their code and work with them in developing it. Every developer should be good friends, or at least darn good acquaintances with one or two security professionals.

Lastly, there should be more effort to spread the wealth of knowledge regarding InfoSec to the next generation and to those responsible for our future.


In recent days, I have switched jobs and made great strides in furthering my personal development.

Classes are going well. Should get a 4.0 this semester. Pursuing that second degree don’t you know.

Attended Indiana Linuxfest last weekend. Not overly impressed with how that turned out. Talked to some others in the local IT community. The plan is to do our own two day track there next year and help make it better. Headed to ThotCon and BSidesChicago this weekend. Looking forward to it. Will definitely try to blog about those when I get back. Then I have tickets to BSidesDetroit on June 1st and 2nd. Night before last I won a ticket to DerbyCon later this year, September 27-29? Tickets don’t even go on sale until this Friday. I definitely lucked out there (as well as saving $150). This year is shaping up to be one of good things.

In InfoSec news, big breaches appear to have temporarily slowed down, not sure if that is a result of the Anonymous arrests, or just that they are not being reported. It is after all bad press when a company or organization gets their name bandied about by big media due to their ineptness or flaw in their security program.

Still involved with the local LUG, that won’t stop either. Anyway, I have to get ready to head to Chicago tomorrow after work. Better get moving.

In two days, Saturday the 10th, I am registered for a Linux conference in Ohio. Ohio LinuxFest 2011. I hope to learn new things and be exposed to a larger Linux world while I am there. That being said the first meeting of IvyLUG is next Tuesday. Cliff Garwood and I were approached by Brian (DC, Instructor, Mentor) to start a Linux users group on the Fort Wayne Ivy Tech campus. We have approached this with gung-ho enthusiasm. The website for the group is http://www.ivylug.org
At the end of the month I am registered for DerbyCon in Louisville. I am treating this as a wonderful opportunity to learn from some of the great people in the IT security world. I look forward to meeting them and absorbing whatever information they are willing to share. Brian (again) is also attending DerbyCon. I tried convincing some of my CCDC teammates to attend but they were unwilling.
Recently (the week it came out), I purchased Dave Kennedy’s book on Metasploit. It is a fantastic work! Since Dave is one of the cofounders of DerbyCon along with Adrian Crenshaw, I hope to have Dave sign my book while I am there. Along with any others from the Metasploit project that I can find. I know that Raphael Mudge and Carlos Perez both are presenting at DerbyCon and I am hopeful that I can add their signatures as well.
Regardless of anyone else, it is my firm belief that continuous learning is necessary to grow and move forward. In my chosen field to remain stagnant and resist further learning seems negligent to me.

Presenting to the ISSA

Posted: September 1, 2011 in Uncategorized

Two weeks ago today, I presented to the Fort Wayne ISSA chapter. I did a presentation on Social Media. Specifically, I talked about Facebook. The presentation actually lasted longer than I thought it would. I think it went pretty well. There was some good discussion afterwards.

A week from this Saturday, I am heading down to Columbus for Ohio LinuxFest. Then at the end of the month I am going to DerbyCon in Louisville. I look forward to both those excursions. The learning never stops, and there is lots to learn!

On Television –

Posted: May 25, 2011 in Uncategorized

Someone whose blogs and podcasts I regularly follow was recently on television. Most specifically on a Canadian television show called 16 by 9 (16:9).

Georgia Weidman recently made some IT security news by proposing that smart phones could be used as a botnet. She then took her theory and proved that it can be done. I invite those interested to watch the coverage from the episode ( http://www.globalnews.ca/story.html?id=4764755 ). I also think that if you are more interested in the information, you should research her slides and presentations she has done on the topic. Here is just one post on the topic – http://securitymusings.com/article/author/gweidman . For those further interested, check the Defcon site or similar sites for relevant slide materials. If you can’t find any, give me a shout out and I’ll help you locate them. Of course during your search(es) you will in all likelihood learn many other security details, so the search can be rewarding.

It was also great seeing Larry Pesce on the same 16:9 news story. Larry is a co-host of a podcast I regularly watch, PaulDotCom. For those IT security minded, I highly recommend catching the PaulDotCom weekly broadcast. Past episodes are also available for viewing.

In the end, your smart phone might be smarter than you think it is. And unfortunately, it doesn’t always keep your secrets.

Training with the IronGeek

Posted: May 23, 2011 in Uncategorized

This past Saturday, our local ISSA chapter set up a training session with Adrian Crenshaw. I had watched many conference videos of Adrian, as well as videos on his website ( http://www.irongeek.com ). It was great to finally get to meet the IronGeek. In addition to meeting him, he provided quite a few hours of stimulating intellectual presentation and discussion. I highly recommend visiting his website and taking the time to view some of his presentations. There were also some great people at the training session that I had never gotten a chance to meet at local ISSA meetings. All in all it was a great day of learning.

This training session was sponsored by Splunk. They provided lunch for us. I first got exposed to Splunk as part of my schoolwork. I ended up writing a paper about them for a class. In addition, one of the challenges at our State CCDC competition was to set up and utilize Splunk. This simple product is one I highly recommend. The Splunk rep put on a nice simple presentation about their product after lunch; it was interesting seeing the perspectives of those who hadn’t heard of it, or had no idea of its potential.

Again, I had a great time learning some new stuff in addition to looking at stuff I already knew from different angles. I look forward to seeing Adrian again at DerbyCon later this year.

Another Achievement

Posted: May 19, 2011 in Uncategorized

So, today at around 11:45AM EST, I got my Security+ Certification. Looking forward to getting the Certificate sent to me as well as the logos so I can get my business cards made up. This is just one more stepping stone on my path to a brighter future. Over the past few months, I have really taken hard looks at the ‘playing field’ so to speak. IT security is growing by leaps and bounds, just as I thought it would over 2 years ago when I began this journey. I am looking forward to my further adventures and the challenges that lie ahead.