Archive for June 12th, 2006

A practical lesson

June 12th, 2006 Michael Farnum

Nothing is inspiring me greatly in the security world today.  I just don’t want to talk about what everyone else is talking about.  So, I decided that I would throw down some practical advice from a security practitioner.  Here goes:

Be SOCIAL!  

Here is a clue.  Many executives and board members think you are throwing money down an ever-growing hole that never shows return.  DO NOT let your pride get in the way of making yourself visible to that CEO, CFO, COO, etc.  Let them know what you are doing.  How do you do that?

First, hire a hacker buddy.  Next, open a hole in your firewall.  Third,…wait, that’s not right.

Sorry about that.  OK, here we go:

DO…

  • …make personal appearances at company functions.
  • …make eye contact.
  • …say hello to people in the hallway.
  • …eat lunch with your coworkers.
  • …talk to people at the water cooler.
  • …put up pictures of your kids.
  • …talk to people about your kids.

DON’T…

  • …sit in your cubicle lined with Wargames memorabilia and mumble to yourself that you are doing a good job and that you don’t have to justify your existence while thinking of how Picard is a better Enterprise captain than Kirk (here come the flames).

Let ’em know you are a person.  Then, and only then, can you expect to start giving them some info on what you actually do in your job.  Think about it.

Vet

Categories: Pre-Categories

Alan Shimel has forced me to blog!

June 12th, 2006 Michael Farnum

Alan Shimel posted about my short blurb on the FCC getting a positive ruling on the issue of requiring broadband providers and IP telephone service providers to comply with US wiretap laws. Since he took issue with my post (dang him!), I felt the need to clarify. Here is my response to his post:

Alan,
I feel the need to clarify this blog post, and I was actually going to do so on my blog later today. I guess I will just copy this comment into my blog since you have forced me into action. ;)
I really meant this to be tongue-in-cheek, but I wrote it a little early, so I might not have been fully awake, so it obviously was not very effective.
If the government is going about this legally, if the courts uphold their position, and if the tap is justified, then I support it. I have posted that I have concerns that the government was not using warrants before (this is a change in my earlier position), and Martin McKeay and I had a discussion about that (should be in his podcast tomorrow).
Of course, many would argue that it is still not right to do it and civil disobedience is justified, but I don’t believe that in this case. Hope that clarifies my position.

I agree with Alan on this one. If the government goes about the tap legally and in full compliance with the law (warrants, the whole bit), then I have no issue with this ruling and the use of the law to catch the baddies.

I must point out that the InformationWeek article had a negative tone to it.

Vet

Categories: Pre-Categories

NSA can tap your Skype (legally)

June 12th, 2006 Michael Farnum


Go see this story at Information Week. Looks like your Skype calls are free game. Break out the encryption!

Vet

Categories: Pre-Categories

VA taking steps in the right direction… Will they go far enough?

June 12th, 2006 Michael Farnum

Here are some definite steps in the right direction.  I see some inkling that they are taking this beyond just the laptop issue, so that is a sign that they may be taking this as a lesson to be applied to their whole infrastructure.  We’ll see how they handle it.

Vet

Categories: Pre-Categories