Be an InfoSec Berean

In the Bible (no, this is not a sermon – yes, this is InfoSec relevant), there was a group that Paul ran into called the Berean Jews (Acts 17:10-15 if you want to look it up). These Bereans are shown in the scriptures to be diligent people who checked the facts. Verse 11 says:

Now the Berean Jews were of more noble character than those in Thessalonica, for they received the message with great eagerness and examined the Scriptures every day to see if what Paul said was true. (emphasis added)

So basically, the Bereans were not going to accept anything at face value. They immediately went back to scripture to check whether what Paul was saying was true, and only then did they make up their minds.

Now what got me thinking about this particular group and how it applies to InfoSec was the article at Infosec Island by Scot Terban entitled “Infosec: The World’s Largest Rube Goldberg Device”. Scot has some pointed things to say about the different vendors and “experts” selling their toys and wares in the industry, and his points are good. But this theme has been in InfoSec (and other industry) blogs since I started reading them (I have written a few myself): do not fall for the sales pitch and the marketing.

This is just good common sense, right? Then why in the name of Mordor do we have to keep saying this? Is this for the benefit of the new folks in the industry? Is this because people just like a good rant session? Is it because someone STILL has not learned this lesson? Is it because there are a lot of lazy folks out there?

Now I am not hitting Scot here. I have zero problem with his writing the post (and in fact, his overall theme was not really about this at all). It just struck me that if you have to be reminded to be an “InfoSec Berean” when the sales person calls or when you read an article comparing different technologies, then you are doing it wrong. No, we don’t have a convenient set of scriptures to go to (except for NIST or something like that, which Scot points out). This is more about doing your due diligence to prove or disprove claims made by sales or marketing. Get some documentation. Get some references. Do a proof of concept (not always practical, I know). Make sure there is proof of the claims. Don’t accept it at face value, just like the Berean Jews.

And, in my finest adult-preachin-at-you voice, don’t make me tell you again!


An Information Security Place Podcast – Episode 26


Link to MP3

Episode 26 is here. It almost didn’t happen since I was playing remote helpdesk dude for a relative from my hotel room in Dallas right before the recording, but we got it worked out. Enjoy!

Show Notes:

InfoSec News Update –

  • Michael’s new NAISG group is having its first meeting on Nov 2, 2009 in Houston, TX. – Houston Chapter Website / Email Link
  • Power Grid Takedown – a HowTO – Link Here
  • Court Ruling – Disloyal Computing is Not Illegal – Link Here
  • New OWASP Sponsored Web App Firewall – Link Here
  • MS gets into the AV game … again … with latest release – Link 1 / Link 2
  • Trojans getting Smarter – Link Here
  • PCI DSS Update Could Include Virtualization Security – Link Here

Discussion Topic –

Encouraging Bad Behavior via marketing (Identity Guard Commercials)


Consultants Corner – Predicting what Security Consulting will be like in the future – Link Here

Music notes –