Next week is the RSA conference. You might have noticed from some of our recent blog entries. And I am really looking forward to it. It’s one of my favorite events, but I am especially anxious for good food. Yes, I want to see a bunch of friends, and yes, I have a lot of vendors I am anxious to catch up with to chat ‘bout some of their products. But honestly, all that takes a back seat to food. I like living in Arizona, but the food here sucks. Going to San Francisco, even the small hole-in-the-wall lunch places are excellent. In Phoenix, if you want a decent steak or good Mexican food, you’re covered. If you want Thai, Greek, Japanese or quality Chinese (and by that I mean a restaurant with less than two health code violations), you are out of luck. San Francisco? Every other block you find great places. And Italian. Really good Italian.
sigh … What was I talking about? Oh yeah, food!
Have you ever noticed that most security guys are into martial arts and food? Seriously. It’s true. Ask the people you know and you may be surprised at the pervasiveness of this phenomenon. Combined with the fact that there are a lot of ‘foodies’ in the crowd of people I want to see, I am going to look like I want to hang out, but still find quality pad thai. And I know there are going to be a dozen or so people I want to see who have the same priorities, so they won’t be offended by my ulterior motives. I plan to sneak off a couple of days and get a good lunch, and at least one evening for a good dinner, schedule be damned! Maybe some of the noodle houses on the way up to Union Square or the hole-in-the-wall at the Embarcadero Center that has surprisingly good sushi. Then swing by Peet’s on the way back for coffee that could fuel a nuclear reactor.
Anyway, it’s a short Friday summary this week because I’ve got to pack and get my presentations ready. Hope to see you all there, and please shoot me an email if you are in town and want to catch up! Just say Venti-double-shot-iced-with-cream-n-splenda-shaken, and I’m there.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Rich interviewed by MacVoicesTV at Macworld on Security Threats and Hype.
- Adrian’s Webinar with Qualys on Database Vulnerability Assessment (reg req).
- Team Securosis’ RSA 2010 Conference Preview. Same video on blip.tv.
- Adrian quoted by Sentrigo.
- Rich and Adrian on Deep Content Analysis Techniques (video).
- Adrian’s Dark Reading posts on The Cost of Database Security.
- Adrian’s Webinar with Netezza on Understanding and Selecting a Database Activity Monitoring Solution (reg req).
Favorite Securosis Posts
- Rich: Answering Dan Geer: It’s Time to Reexamine Priorities and Revisit Paradigms. One of the reasons Adrian and I started working together is that back when I was at Gartner and he was at IPLocks, we found ourselves kindred spirits on data security long before it was chic. Geer hits it out of the park with his call for focus on the data, but Adrian does a better job of providing context and priorities for focus. Check out our Data Security Research Library if you want to read more on information-centric/data security.
- David Mortman: Answering Dan Geer: It’s Time to Reexamine Priorities and Revisit Paradigms.
- Mike Rothman: Adrian’s “Answering Dan Geer”. No one argues the importance of information protection, but the devil is in the details.
- Adrian: Rich’s Firestarter IT-GRC: The Paris Hilton of Unicorns. Rich beat me to the punch on this one!
Other Securosis Posts
- RSAC 2010 Guide: Security Management
- Retro Buffoonery
- RSAC 2010 Guide: Virtualization and Cloud Security
- RSAC 2010 Guide: Content Security
- Webcast on Thursday: Pragmatic Database Compliance and Security
- RSAC 2010 Guide: Endpoint Security
- Incite 2/23/10: Flexibility
- RSAC 2010 Guide: Application Security
- RSAC 2010 Guide: Data Security
- RSVP for the Securosis and Threatpost Disaster Recovery Breakfast
- RSAC 2010 Guide: Network Security
- Introducing SecurosisTV: RSAC Preview
- RSAC 2010 Guide: Top Three Themes
- Upcoming Webinar: Database Activity Monitoring
Favorite Outside Posts
- Rich: Uncommon Sense Makes Executives into Common Criminals. Great example of the social/government conflicts generated as new technology exceeds the personal frame of reference of those creating and enforcing laws.
- David Mortman: Identifying Opportunities for Improvement in Security Architecture.
- Mike Rothman: What if Bill Gates Never Wrote the Trusted Computing Memo? Normally I don’t waste time playing “what if?” games, but Dennis makes this one fun.
- Pepper: The Spy at Harriton High. So a school was spying on students… and making webcasts about it… and lying to the kids & families about it… and threatening students who futzed with the laptops. CRAP!
- Adrian: A nice overview post on Web Security Trust Models on the Freedom to Tinker blog.
Project Quant Posts
- Project Quant: Database Security – Configuration Management
- Project Quant: Database Security – Masking
- Project Quant: Database Security – WAF
- Project Quant: Database Security – Encryption
- Project Quant – Project Comments
- Project Quant: Database Security – Protect through Monitoring
- Project Quant: Database Security – Audit
Research Reports and Presentations
Top News and Posts
- Conflict of Interest: When Auditors Become Consultants. I keep hearing more and more about this, and from my perspective there is a lot left unspoken about Trustwave’s business models that will come under increasing scrutiny this year.
- RSnake on Banks and the UUC.
- Google Execs Convicted in Italy.
- Microsoft Takedown of Waledac Botnet.
- Symantec State of Security Report. Glad the New School guys saw this as I would have missed it. It’s an interesting executive overview.
- Hacker Arrested in Billboard Porn Stunt. See? Those Russian hackers don’t just steal our credit card numbers – too bad the article doesn’t have pictures…
- Widespread Data Breaches Uncovered by FTC Probe. Watch that P2P file sharing folks!
- Criminals Hide Payment-Card Skimmers Inside Gas Station Pumps
- ‘Sophisticated’ Hack Hit Intel in January
Blog Comment of the Week
Remember, for every comment selected, Securosis makes a $25 donation to Hackers for Charity. This week’s best comment goes to Alan Shimel, in response to RSAC 2010 Guide: Network Security. And in case you think this is a case of nepotism, this very topic has been on the minds of every Securosis team member too. We will have a lot more to say on this subject, but Alan is this week’s winner as he captured the essence of our internal debate!
Guys, I love the RSA guide. Here is one stat I would like to see though. How many at RSA are actually potential customers, or is it truly a party by the security industry for the security industry? SEs actually showing you stuff on the show floor? It’s more adult trick-or-treaters looking for t-shirts and other tchotchkes.