Comments on: Network Security Podcast, Episode 121 http://www.mckeay.net/2008/09/23/network-security-podcast-episode-121/ The views of one man on security, privacy and anything else that catches his attention. The views expressed on this blog do not reflect the views of my employer or anyone other than myself. Thu, 02 Feb 2012 21:45:54 +0000 hourly 1 http://wordpress.org/?v= By: Martin http://www.mckeay.net/2008/09/23/network-security-podcast-episode-121/comment-page-1/#comment-3503 Martin Mon, 29 Sep 2008 15:27:59 +0000 http://www.mckeay.net/2008/09/23/network-security-podcast-episode-121/#comment-3503 T.Rob, Thanks for coming on. We all get smoother with experience. I've been podcasting for nearly 3 years. Rich has even more experience. You'll be surprised, it'll get a lot easier right around episode 20, where you'll have learned how to use the majority of your tech. And how to use your voice. When you leave comments on the podcast, give the url: http://t-rob.net/2008/09/29/the-deep-queue-episode-3-ethical-administration/ I'll try to listen. I've been listening to The Dresden Files read by Spike from Buffy the Vampire Slayer fame this morning. Martin T.Rob,

Thanks for coming on. We all get smoother with experience. I’ve been podcasting for nearly 3 years. Rich has even more experience. You’ll be surprised, it’ll get a lot easier right around episode 20, where you’ll have learned how to use the majority of your tech. And how to use your voice.

When you leave comments on the podcast, give the url: http://t-rob.net/2008/09/29/the-deep-queue-episode-3-ethical-administration/

I’ll try to listen. I’ve been listening to The Dresden Files read by Spike from Buffy the Vampire Slayer fame this morning.

Martin

]]> By: T.Rob http://www.mckeay.net/2008/09/23/network-security-podcast-episode-121/comment-page-1/#comment-3502 T.Rob Mon, 29 Sep 2008 15:09:22 +0000 http://www.mckeay.net/2008/09/23/network-security-podcast-episode-121/#comment-3502 Martin - just wanted to say thanks for having me on the show last week. I have a few new followers on <a href="http://twitter.com/tdotrob" rel="nofollow">Twitter</a> and have seen a bump in hits over at <a href="http://t-rob.net" rel="nofollow">http://t-rob.net</a>. Listening to my performance the show, I have to attribute this to a genuine interest in WebSphere MQ security and not my smooth delivery scintillating wit. That thought is most encouraging. I just posted Episode #3 of the Deep Queue podcast in which I propose something I call "ethical administration". We have all heard of ethical hacking and occasionally people attempt it without approval and end up jobless or in jail. My idea of ethical administration is that an administrator can act within the scope of their normal duties to secure the network, even though the specific action may not be funded by their management. We are still talking about taking matters into one's own hands but doing so within legal boundaries and enterprise process boundaries (such as change control). Is a grass-roots security campaign feasible? Is it in fact ethical as I have proposed it? If companies fail to act on their own behalf, can we afford to knowingly leave them exposed? Will the government step in to save these companies if they fail due to a catastrophic breach? Or do they only do that in cases where the failure is due to a long term trend of increasingly relaxed regulation? -- T.Rob Martin – just wanted to say thanks for having me on the show last week. I have a few new followers on Twitter and have seen a bump in hits over at http://t-rob.net. Listening to my performance the show, I have to attribute this to a genuine interest in WebSphere MQ security and not my smooth delivery scintillating wit. That thought is most encouraging.

I just posted Episode #3 of the Deep Queue podcast in which I propose something I call “ethical administration”. We have all heard of ethical hacking and occasionally people attempt it without approval and end up jobless or in jail. My idea of ethical administration is that an administrator can act within the scope of their normal duties to secure the network, even though the specific action may not be funded by their management. We are still talking about taking matters into one’s own hands but doing so within legal boundaries and enterprise process boundaries (such as change control).

Is a grass-roots security campaign feasible? Is it in fact ethical as I have proposed it? If companies fail to act on their own behalf, can we afford to knowingly leave them exposed? Will the government step in to save these companies if they fail due to a catastrophic breach? Or do they only do that in cases where the failure is due to a long term trend of increasingly relaxed regulation?

– T.Rob

]]>