Not the most boring security podcast in the world

I had muted expectations when I stumbled upon a podcast by Stewart Baker.
“A podcast by a lawyer on the topic of cyber security? Should be as interesting as reviewing last year’s tax returns”, I thought to myself. “I’ll give it 30 seconds”, as I looked around for something, anything, to divert my attention.

With nothing in sight, I queued up the podcast…  and was pleasantly surprised.  It is in fact not the most boring podcast in the world, far from it.

Give it a listen and see if you agree:


Austin’s Loop 360 Corridor is a terrible place (for your business)

Austin’s Loop 360 (Capital of Texas Highway), long ago envisioned as a loop around the west side of Austin but now consumed by growth, is home to many life-draining fluorescent prisons, more commonly known as “Class A” office space. Several high-profile technology companies have inexplicably decided that it would be a good idea to locate their workforce along this stretch of roadway.
Anyone who spends any amount of time in Austin understands that traffic is undoubtedly the biggest negative of living or working in or around Austin (hipster culture is a close second). Traffic alone, though, is not what makes this particular “highway” a terrible place.

The problem? Any network architect, wasting precious cycles sitting in traffic that could be spent doing something productive, would have ample time to tell you: SPF, or “Single Point of Failure”.

Many offices along 360 have only one way in and one way out. No alternate routes unless you have four-wheel drive and a chainsaw… Any incident along this single path makes an already ridiculous commute untenable. A serious incident, like a wildfire or an intentional act by nefarious actors, could turn inconvenience into disaster.

My recommendation: always consider ingress and egress under both normal and emergency conditions when evaluating any location that will contain your most important resource: your people.



A Must Read – Bright Fulton on Log Management

Log management is hard. Always has been, always will be. Good to know that there are bright folks like Mr. Fulton and his team over at @swipely who get it (and share!).
Technically: Rsyslog -> Logstash -> S3 and Sumologic

Tactically: “Engineers at Swipely start weekly tactical meetings by reporting trailing seven day metrics. For example: features shipped, slowest requests, error rates, analytics pipeline durations. These indicators help guide and prioritize discussion. Although many of these metrics are from different sources, we like to see them together in one dashboard. With sumo-search and the Search Job API, we can turn any number from a log query into a dashboard widget in a couple lines of Ruby.”


Read his post via the @Sumologic blog here.
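The trailing seven-day numbers Fulton describes (error rates, slowest requests) come from the request logs themselves, and it is worth seeing how few lines they take once the logs are in a parseable shape. Below is an added Ruby example, not Swipely’s sumo-search code and not a call to the Sumo Logic Search Job API: it parses constructed rsyslog-style request lines (the format and sample values are assumptions for the example), keeps only the events inside the trailing seven-day window relative to a reference time, skips lines that carry no request fields, and reports request count, 5xx error rate and the slowest requests.

```ruby
require 'time'

# Constructed sample log lines in an assumed "<timestamp> <host> <app>: k=v ..." shape.
# These are not real Swipely logs; one line is deliberately malformed.
SAMPLE_LOGS = <<~LOGS
  2014-06-01T10:00:00Z web1 app: method=GET path=/ status=200 duration_ms=120
  2014-06-02T10:00:00Z web1 app: method=GET path=/orders status=500 duration_ms=2300
  2014-06-03T10:00:00Z web2 app: method=POST path=/orders status=201 duration_ms=340
  2014-06-05T10:00:00Z web2 app: method=GET path=/reports status=200 duration_ms=4100
  2014-06-06T10:00:00Z web1 app: method=GET path=/ status=200 duration_ms=90
  2014-06-07T10:00:00Z web1 app: method=GET path=/orders status=503 duration_ms=1800
  2014-06-08T09:00:00Z web2 app: malformed line without fields
  2014-06-08T10:00:00Z web2 app: method=GET path=/ status=200 duration_ms=110
LOGS

LINE_RE = /\A(?<ts>\S+)\s+(?<host>\S+)\s+(?<app>\S+):\s+(?<kv>.*)\z/

# Parse one line into a hash of request fields; nil for lines without status/duration.
def parse_line(line)
  m = LINE_RE.match(line.strip)
  return nil unless m
  fields = m[:kv].scan(/(\w+)=(\S+)/).to_h
  return nil unless fields['status'] && fields['duration_ms']
  {
    time: Time.iso8601(m[:ts]),
    host: m[:host],
    path: fields['path'],
    status: fields['status'].to_i,
    duration_ms: fields['duration_ms'].to_i
  }
end

# Keep only events in the trailing window of `days` ending at `now` (exclusive start, inclusive end).
def trailing_window(events, now:, days: 7)
  cutoff = now - days * 86_400
  events.select { |e| e[:time] > cutoff && e[:time] <= now }
end

# Fraction of requests that returned a 5xx status.
def error_rate(events)
  return 0.0 if events.empty?
  events.count { |e| e[:status] >= 500 }.to_f / events.size
end

# The n slowest requests as [path, duration_ms] pairs, slowest first.
def slowest_requests(events, n = 3)
  events.sort_by { |e| -e[:duration_ms] }.first(n).map { |e| [e[:path], e[:duration_ms]] }
end

# The weekly dashboard numbers for a block of log text, computed relative to `now`.
def weekly_metrics(log_text, now:)
  events = log_text.each_line.map { |l| parse_line(l) }.compact
  window = trailing_window(events, now: now)
  { requests: window.size, error_rate: error_rate(window), slowest: slowest_requests(window) }
end

if __FILE__ == $PROGRAM_NAME
  p weekly_metrics(SAMPLE_LOGS, now: Time.iso8601('2014-06-08T12:00:00Z'))
end
```

With the reference time set to 2014-06-08T12:00Z, the 1 June entry falls outside the seven-day window and the malformed line is dropped, leaving six requests, two of them 5xx. The same functions work unchanged on a real export from S3 as long as the lines keep the key=value shape; anything richer (multi-line stack traces, JSON payloads) needs a different `parse_line`.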


CoreOS and Docker – Game-changers that security pros should know about

Key Takeaways:  CoreOS and Docker will fundamentally change the way SaaS companies deliver software.  CoreOS and Docker used together provide a compelling package by combining an “operating system as a service” and an application container to run applications in isolation from the operating system. Security professionals should know that the introduction of these technologies will mitigate some traditional risks while creating others.
CoreOS in particular is interesting in the way that it handles operating system updates and patches using an active/passive partition scheme.  More information here.

The ability to sanely roll operating system updates into the deployment lifecycle will solve a major pain point for SaaS operations. The dirty little secret is that while many agile shops are starting to push code out “continuously”, the operating systems underneath are often left either untouched or unpatched.

CoreOS will help make “infrastructure as code” less buzzword and more reality in the not too distant future.


LinkedIn – One Step Forward and Two Steps Back

I need to give LinkedIn props for adding a few security features:

  • The ability to manage logged-in sessions.
  • The ability to export “your” data.
  • More email notifications when account details change, including the date, time, browser, operating system, and “approximate physical location”.

Their official announcement about these changes is here:


Balance this against the fact that LinkedIn’s API policy is negatively affecting CRM companies and, more importantly, the small businesses that depend on them.

Here is a good rollup of the issue by @bradmccarty over at Full Contact

No word on whether their new Sales Navigator product has influenced the API lockdown, but that still-unreleased product looks to be positioned for medium to large businesses.

Sacrificing innovation for corporate gain is nothing new; it is just disappointing that the new product won’t be relevant to small businesses, particularly entrepreneurs and innovators…

Have A Philosophy – Or Get Burned…

Intuitively I knew it made a difference: the “why” behind why infosec pros get up in the morning and “do what we do”.
Many times, working “security”, we get consumed by the fires of the day and forget (or refuse) to take time to recognize why we ultimately subject ourselves to the pain of solving the very complex and serious security issues of the day.

Recognizing in a very tangible way that my mindset/philosophy is ultimately responsible for my successes and failures has had a profound positive impact on my life. I review my work philosophy often. I recognize that it is not perfect or permanent. I use it as a defense and as inspiration.

Stuart’s Work Philosophy

“I believe in the positive transformation of the world through the creation and application of new technologies. I work because I make a positive difference in the world by applying top-down, leadership-led security solutions that give leaders and their people the freedom to innovate in the face of the many security roadblocks and unrealized risks that exist today.”

Jeff Olson in his book “The Slight Edge” states:  “Your philosophy CREATES your ATTITUDE, your ACTIONS, your RESULTS, which create your LIFE.”

Create your own philosophy using these simple steps:

  • Write down “why” you do what you do professionally.
  • Map the “why” to your larger life and overall goals, plans and dreams.
  • Review it often.