Category: Accuvant

New talk – The Solution vs The Silver Bullet

I have developed a new presentation that I gave for the first time yesterday at the Texas Technology Summit in Houston. The title and synopsis are below.

Title: The Solution vs The Silver Bullet (or InfoSec Industry != InfoSec Practice)

Synopsis: The information security industry and information security practice are two concepts that should not be confused. The industry is for making money. The practice is for securing your organization. While the two certainly overlap on a Venn Diagram, there are large areas where never the two shall meet. The infosec practitioner needs to know how to discern where the practice stops and the industry starts. Otherwise, the Silver Bullet mentality will take over, and the practice becomes unmanageable. Join Michael on this talk to discover how to start down the path of discernment. Michael will give practical ideas on dodging the Silver Bullet cycle or getting out of it if you are there already.

The Texas Technology Summit is more of a general IT show with a good amount of security focus. I picked that venue for this talk because I wanted to test the talk first on that kind of general crowd. I wanted to see if it resonated with folks who might have security as a part of their job, but not be solely focused on security. Turns out that it did. I had great feedback that addressing security as a complex system rather than a checklist helped them with their approach to building a security program. I also talked about determining your organization’s current and desired security maturity levels, and using that data to help make decisions. That was also very well received.

I did have a couple of people at the show who are straight security professionals who I know and respect. They were very positive about the talk as well. So now I am going to try it on a security-focused crowd at NAISG DFW next week. We’ll see how it goes there. I may do a bit of tweaking between now and then, but overall I am happy with the talk. I’ll post a recording if I get one while I am there.

Accuvant Wireless Practice looking for good people

Hello everyone. Accuvant (my employer) is looking for people for the wireless practice. You do not have to be an expert in wireless right now. Really they are in need of some people who have good routing and switching skills. They can teach a lot of the RF stuff.

It will require a good bit of travel, but they are starting to do some cool stuff. I have been working with the wireless team a lot lately on a couple of RFPs (large wireless backhaul networks for cities, wireless audits, etc.), and these guys are top notch. The wireless practice director (Matt Bossom) is one of the best guys I have ever met. He is extremely responsive on helping with projects, and everyone on his team says he is a great boss. He also speaks quite a bit on wireless and wireless security, as do a few other guys on the team.

I know the other teams are looking for people as well (Assessment, Compliance, and Security Technologies), but I don't know the details.

Let me know if you are interested.


Announcing a new security blog

There’s a new security blog out there, and this one is another Accuvant employee (so you know it is going to be good). 

His name is Jim Broome, and his blog is called Jim’s Bloggyness.  Jim is an Assessments Team Lead at Accuvant, and he is one smart dude.  Here’s his profile:

Jim Broome, an information security industry veteran with over a decade of experience in the field, is a Principal Consultant with Accuvant's assessment team and also acts as the technical lead for the assessment practice area.

Accuvant is a leading national security consulting organization that designs and executes strategies to address its clients' complex information security challenges. Jim's role is to provide world class security consulting services to Accuvant clients while still providing technical leadership to the assessment team as a whole.


As one of Accuvant's more seasoned assessors, Mr. Broome has performed a number of consultative engagements including enterprise security strategy planning, risk assessments, threat analysis, application assessments, network assessments and penetration testing, and wireless security assessments for a large number of Fortune 500 clients. These clients represent a variety of markets including manufacturers, telecommunications (cellular and traditional), public utilities, healthcare, financial services, and state governments.

Prior to joining Accuvant, Jim was a Principal Security Consultant for Internet Security Systems and a member of the X-force penetration testing team. At ISS, he was responsible for providing technical leadership to the Western Region consulting practice while performing his day-to-day duties of performing network assessments and penetration testing. Prior to ISS, he was the Director of Network Operations for, a managed service provider exclusively for credit unions. At, Jim was responsible for managing the network operations staff and security organization while maintaining 99.999% uptime.

Notable Accomplishments

With a been-there-done-that attitude, Jim is a constantly sought after consultant, due to his extensive level of knowledge in most areas of security implementation and management from both a technical and managerial level. As one of the original authors of several training programs including Checkpoint Software's CCSA/CCSE program, Jim is a well regarded security/technology instructor and mentor to many administrators and IT management organizations.

Since coming to the Accuvant organization, Jim has been responsible for establishing and standardizing many of the solutions and techniques employed by the Assessment practice. This provides our clients with a level of consistency that is unparalleled in the industry and establishes Accuvant as the premiere security services company.

Certifications and Training

Jim is a Certified Information Systems Security Professional (CISSP); Checkpoint Certified Security Engineer (CCSE); NetScreen Certified Security Associate (NCSA); ISS Certified Engineer

Professional Education

BS in Computer Information Systems from Trinity College and University

Welcome to the blogosphere, Jim.