Tuesday, February 21, 2012

RSA Conference 2012

I'll be at this year's RSA Conference 2012, talking about the ART and SCIENCE of Security. Will you?

Monday, May 23, 2011

When it comes to accessing your information:

--Organized criminals are innovating.

--Foreign Intelligence services are innovating.

--Global terrorists are innovating.

So it's now CRITICAL that the security industry step up its INNOVATION.

Big ideas often come from small companies, and the people closest to the problems often come up with the best solutions, so I'm proud to join General Keith Alexander, Commander, U.S. Cyber Command, on the steering committee for the:

The Security Innovation Network presents Showcase 2011 at the National Press Club


Apply to be selected as a SINET 16 that will present in front of 400 Buyers, Builders, Researchers & Investors

Call for Papers: June 10th deadline

Supported by the Department of Homeland Security Science & Technology Directorate

Keynote: General Keith B. Alexander, Commander, U.S. Cyber Command & Director, National Security Agency/Chief, Central Security Service

Three of the top SINET 16 automatically receive entry into ASC’s second round

October 26th (Workshop) & 27th (Showcase) 2010, Washington DC www.security-innovation.org

Wednesday, March 9, 2011

Tuesday, December 21, 2010

Top-Five 2011 Security Wish List

Having been active in the security world since the 80's -- first as a user in the Middle East, then building products, services, R&D, and several roles in critical infrastructure protection -- I've lived through questionable security implementations and decisions that cost both lives and dollars, but I'm excited about the security opportunities that await us in 2011.

2010 brought us leaky cables, crazy countermeasures, fiery sheep, government-sponsored targeted attacks, organized criminals that compromised hundreds of millions of identities, and zombie armies that affect business bottom lines and government policy. All of this came at a great cost to commerce, citizens and civilization alike, so it is incumbent upon the professional security world to utilize the one additional thing these villains brought us -- the greatest cyber security awareness in history.

Think big, think bodacious, think important, and think possible. Move beyond password length discussions, blabbing on Facebook, and x-raying your belly bulges, and focus on what's really important in the new year. To start, I offer five from my 2011 security wish list, and encourage you to suggest your own.

My Top-Five 2011 Security Wish List

1. Public Private Partnerships that really work, which means that 'public' needs to share more, and 'private' needs to focus on the greater good, and not just selling more of their stuff. This is vital to protect critical infrastructure and key resources (CI/KR), and it is vital to protect our juiciest targets from foreign governments, organized criminals, terror groups and wannabes, and home grown bad guys.

2. A Mobile Security ecosystem that unites the vendors, rather than divides. We all now carry and cherish our mobile phones the same as we do our credit cards (always with us, never shared, losses reported immediately), so it's time to make them work as identity tokens across the board.

3. U.S. Congressional support for comprehensive cybersecurity, rather than trying to address it bill by bill, earmark by earmark, and press release by press release. We have a cyber-czar that wants to put good security over politics, and many good folks that are returning to govern after success in the security private sector, and a strong push from Congress would serve to unite security across the board.

4. Educational shift toward real cyber security education and training. Humans are still our weakest link, and cyber-education is still the most cost-effective countermeasure. Plus, our shortage of skilled cyber security professionals is not even close to being met by our university systems and handful of professional associations. Despite what a few experts will tell you, security is not black magic; it can be taught to a wide range of people from all walks of life. This needs to be a high priority from K-12, through vocational, university, and advanced education offerings that meet the needs of today and tomorrow.

5. Purchasing agents of the world unite, to agree to no longer buy software that has not been developed in a demonstrable and testable security development lifecycle, be it in a shrink wrap box, a gold master, or a 'secure' cloud. Self-regulating sources haven’t worked, so testing in a crystal box for all to see is needed.

And this just skims the surface... There are many more, and now is the time to work together on the biggest stage we’ve ever had, to make a real difference in the safety and security of all we hold dear.

I wish you the happiest of holidays, and I'll see you again in 2011!

Tuesday, June 8, 2010

Why I joined the CyberDefender (CYDE) Board of Directors

Congratulations to CyberDefender (CYDE) for making it onto the Nasdaq Global Market! Many of you know that I have just chosen to join the board of directors of CyberDefender, and most have asked me the same two questions: 1) Can I get free stuff? And 2) Why CyberDefender?

First things first -- yes, you can get free stuff. CyberDefender makes a lot of its current anti-virus services available for free. As to "Why CyberDefender?", the answer is a bit longer.

One reason I've liked CyberDefender since their inception is their focus on the underserved markets. Everyone needs Internet security these days, with threats continuing to grow every day. Botnets like ZeuS prey on the unprotected first, and CyberDefender has perfected a method to bring real security in an affordable package to those that need it. Every one of you that has had to remove malware from a computer knows it's not a trivial undertaking. Just this weekend, I spent a couple of hours removing some malware on my son's computer that his A/V software identified but couldn't remove fully. Hopping around in the registry, knowing which temp files to delete and which need to be preserved, reading through the active process list to cull out the rogue programs, and then finding and deleting the problem code (in his case, the virus was able to protect itself against deletion while the system was running!) -- all of it takes an intimate knowledge of current environments. How many of you are current on all the operating systems, programs, and platforms out there? And if you're reading this blog, that already puts you in the 'most skilled' category. So how is Aunt Sally supposed to cope?

My friend and security colleague Howard Schmidt (aka the cyber-security czar) recently proposed a test of a good security system -- can his 86 year old mother make it work? Well, CyberDefender was built for Mrs. Schmidt, and the millions of others out there that just want their computer to work.

CyberDefender has optimized the human expert component of computer security. Not only do you get the latest anti-malware software, you also subscribe to a service that allows their remote security experts to reach in and fix your computer directly -- whether it's suffering from a virus, a bunch of junk software, or is just simply old and in need of a refresh. CyberDefender has call centers filled not with order takers, but rather skilled computer security technicians that have the tools and abilities to quickly solve most security and performance problems. This is valuable for many sectors of the market, from the growing number of individuals struggling to keep the bad guys out, to many of the millions of smaller businesses that make up the critical infrastructure of the free world.

Finally, I like the people at CyberDefender: hard working folks with a vision to help secure a huge section of the population, an attitude to work collectively within the security industry, and the drive to succeed. That's why I agreed to join their board, and I look forward to providing them governance as they grow in their next phase as a publicly traded stock on the Nasdaq Global Market.

Monday, August 11, 2008

What if copying was legal?

What if it was legal to make copies of our favorite movies, tv shows, music, games, books and more?

With almost half of the total Internet usage in the U.S. being peer to peer file sharing, it’s clear that users WANT to make copies, but why?

Do they like the ease of use? Do they like ‘having’ the files on their machines? Do they like being able to make a backup copy just in case? Do they like being able to move copies between their computers, phones, and DVRs? Do they like the efficiencies that systems like BitTorrent provide? Do they want what they want when they want it? Are they just sick of the often ridiculous DRM systems they’ve been subjected to in the past?

In my experience, the answer to ALL of these questions is YES.

In fact, they like it so much that otherwise law abiding citizens will even break the law to do it. Some break it blatantly, some rationalize with "I didn't know" or "everyone's doing it", but break the law they do, because they want to be able to copy and share entertainment files.

So what if instead of (lamely) prosecuting these folks that copy and share, we flip the entertainment world on its head, and reward this behavior?

We know that all the users would love it. All the benefits of sharing files, with none of the guilt! But what of the entertainment companies that create all this content?

If no one watched ads or paid, we would be reduced to skateboarding bull-dog videos (http://www.youtube.com/watch?v=hlyhq6ncGWg -- I had over 500 to choose from!), instead of professionally made movies, tv shows, music, games, books, magazines, and more. All of these creative works are paid for with advertising dollars today, and will need to be paid for in the future if we expect them to continue to be produced.

So we need a system that's as easy to use as a Google search, paid for with ads that are as innocuous as those on a Google search, and that is inexpensive to distribute (no server farms, no fat bandwidth pipes, and no costs for customer acquisition).

Look, up in the Internet -- It's a Bird. It's a Plane. It's SuperDistribution!

Superdistribution has been talked about since the early 90's (http://www.wired.com/wired/archive/2.09/superdis.html), but until now no one has been able to perfect a system that allows content owners to maintain the controls they need to succeed, while leveraging the low cost, high reach, best-of-both-worlds solution originally envisioned.

All of that changes on Tuesday, the 12th of August, 2008.

Watch this space…