Cloud, Security and the Cloud CISO
Law Enforcement Technology
Featured
Last week I had the opportunity to attend ISC West, billed as the “largest security industry trade show in the U.S.” Held annually at the Sands Expo in Las Vegas, the show features over 1000 exhibitors and is attended by over 28000 security professionals.
My experience working with organizations is that while most have a security contact attached to an asset or functional area, many of the designated contacts, when asked, are surprised to learn of their role. This is a sure indication of checkbox compliance and missed opportunity.
The problem is well rooted and endemic. Security organizations and their leaders are overwhelmed, understaffed and facing an unprecedented volume of new threats both inside and outside their organizations.
CISOs are often expected to disseminate complex content to their board of directors. Sometimes this is made more difficult by the dysfunction that exists in every boardroom.
I spent most of the last week at Black Hat/Defcon/BSides Las Vegas contemplating a future filled with Internet enabled vehicles, infrastructure and hackers with ill intent.
The recent floods that devastated the Central Texas community of Wimberley in May left many asking themselves this question. Becoming a CERT (Community Emergency Response Team) member will help prepare you and your family for a disaster and provide basic disaster training to assist others in the community. CERT is coordinated by FEMA but led locally. As of this writing there are over 2200 CERT teams nationwide. You must be at least 18 years of age; however, local coordinators have the discretion to allow those under 18 to participate.
This week I will be traveling out to Las Vegas to attend the Computer and Enterprise Investigations Conference (CEIC), the largest digital investigations and forensics conference in the world.
I’ve published a list of digital forensic resources primarily for those in law enforcement interested in extending their knowledge/skills.
Here is the issue. Unscrupulous convenience store clerks are betting you simply decline a receipt or don’t closely check the one you receive. Seems that they are skimming small amounts from customers to support their own lottery habits.
Commentary on security and the cloud from a chief security officer’s perspective. Enabling technology to change the world for good is the mission.
Hacking is not evil. People with evil intent are evil. Crush evil.
Log management is hard. Always has been, always will be. Good to know that there are bright folks like Mr. Fulton and his team over at @swipley that get it. (and share!) Technically –| Rsyslog –> Logstash –> to –> S3 and Sumologic
Raising kids is the best mirror in the world. Every flaw, imperfection and blemish in your makeup is ultimately revealed. – Stuart Clark
Operating a highly available, secure SaaS solution in the AWS cloud is hard. The problems faced by both large and small organizations are roughly the same. Therefore it may be logical to assume that the solutions are as well. The only real difference is scale. Enter Netflix.
There are few opportunities more impactful than having the opportunity to be immersed for a time in a movement that transcends profession and helps to answer the question: “Why do I exist?” Black Hat is one of those rare opportunities for me; Dan Geer is one of those men. His humble thought leadership, vision and knowledge are both inspiring and impactful.
In 2012 Amazon pioneered a cloud security concept they now call the “Shared Responsibility Model”. This concept was born out of the need to clearly communicate the line of demarcation between AWS security responsibilities and ours (loyal AWS customers).
There are a couple of people that I want to take the time to highlight: Ernest Mueller @ernestmueller and Tim Virtue @timvirtue. Ernest’s thought leadership, publication and iteration of “What is Devops” has been exceedingly helpful in my quest to both define devops in my own head as well as communicate the vision and future of operations/development/cloud to others.
While doing my best to absorb a small portion of the wealth of useful information found in Dr. Kenneth Brown’s Great Courses: Influence: Mastering Life’s Most Powerful Skill, I had an ah-ha moment that I wanted to pass along. Dr. Brown states that exerting influence will always result in one of the three following outcomes: CONFLICT, COMPLIANCE, or COMMITMENT.
Austin, Hyperconverged, Cloud and Security, Security Leadership
Stuart Clark
Austin’s @pivot3 recent tweet of an @ITWire article about the projected growth in the HCIS (Hyperconverged Integrated Systems) market contains a couple of nuggets of information that demand expanding upon.