Network Security Blog

Shortly after the end of RSA 2008, Michael Santarcangelo organized the latest Security Roundtable podcast. We were joined by a varied crowd of characters in the form of Dr. Anton Chauvakin, James Costello, and Jennifer Leggio. We had a lot of fun recording this conversation, even if poor Anton fell off fairly early due to phone problems. Luckily we let him get some of his shots in early.

Rich and I talked about this on an episode of the NSP, but there were no real ‘themes’ to this years RSA. There were a lot of interesting things going on, but it wasn’t on the showroom floor or in the key note presentations. I’m hoping that this means the industry is maturing, but it may just mean we’re in a lull between waves of marketing hype. Guess you’ll have to tune into next year’s SRT RSA podcast to find out.

Security Roundtable for May 2008 | RSA Conference - Beyond the Hype

 

 SRT May 2008 - RSA [54:34m]: Play Now | Play in Popup | Download

Rich and I got a chance to talk to Ron Gula, CEO of Tenable Network Security about the changes that were made today the the changes in the Nessus licensing model. This is a follow up to the post I wrote this morning and explains the reasoning behind the changes straight from the man in charge.

 

 Microcast: Ron Gula on the changes to the Nessus licensing model [15:43m]: Play Now | Play in Popup | Download

We’re back, me from being ill, Rich from some alone time with his wife. Nothing really interesting to talk about other than what’s in the show notes, so I’m not going to waste a lot of time writing about it.

Show Notes:

• Hacker splashes data from six million Chileans on Internet
• Three charged in Dave & Busters hacking job
• ZoneAlarm Forcefield
• Captain’s Blog, Supplemental - PCI is dead, long live PCI!
• The (ISC)2 Blog
• Tonight’s music: Sunday Eyes by Amee Chapman and the Velvet Tumbleweeds

 

 Network Security Podcast, Episode 104: Play Now | Play in Popup | Download

Network Security Podcast, Episode 104, May 13, 2008

Time: 33:12

A few weeks ago I had a chance to have lunch with Mike Smith,author of the Guerilla CISO, in Washington, DC. Mike’s area of expertise is FISMA and he’s an experienced educator in the area. Mike feels about FISMA much like I do about PCI: it’s not perfect, but it’s a heck of a lot better than what came before.

 

 NetworkSecurity Podcast: Mike Smith, Guerilla CISO [9:00m]: Play Now | Play in Popup | Download

NSP Microcast: Mike Smith, Guerilla CISO

Time: 9:00

I’m sick and Rich is preparing for some anniversary celebration over the next couple of days. My family graciously shared a chest cold they’ve been fighting off with me and I’ve spent a good part of the last two days in bed. Rich is flying in, with his wife, from Arizona to spend the better part of a week wine tasting and whatever else you do to celebrate your wedding anniversary. They’ll be less than 30 miles from my home and they won’t be spending any time with me or my family. You gotta wonder about a guy who puts his wife (or his health) before his podcast.

We’ll return to our regularly scheduled dose of chaos next week. Honest.

There were more than a few technical difficulties in recording tonight’s show. Thanks to Paul Asadoorian from PaulDotCom Security Weekly for hanging with us and getting a show recorded despite it all. If it hadn’t been for some quick thinking on his and Rich’s parts, I don’t think we could have had a show this week. I’m still working on my DSL line, but I’m pretty certain the wiring in my office is bad; the DSL has been fine since I moved the modem to a different wall plug in the bedroom. I just hope my wife is willing to ignore the bright yellow cable stretching across the hall until I can get a new telephone cable run.

Show Notes

 

 Network Security Podcast, Episode 103 [53:31m]: Play Now | Play in Popup | Download

Network Security Podcast, Episode 103, April 29, 2008

Rich and I tried to make up for last week’s podcast by keeping
things a little shorter tonight. The operative term of course is
‘tried’; we managed to shave a couple of minutes off the podcast, but
that’s about it. Tonight’s theme was vulnerabilities in web sites,
ranging from the Obama site being hacked to Dan Kaminsky’s latest DNS
issues and on to PCI requirement 6.6. There was a lot going on tonight
and we could have almost made a show from any one of these topics.

Show Notes

 

 Network Security Podcast, Episode 102 [27:21m]: Play Now | Play in Popup | Download

Network Security Podast, Episode 102, April 22, 2008

Ever wanted to be on a podcast but don’t have the time or energy to start one of your own? Are you already producing your own podcast but want to bring in a bigger audience? Or do you just want to take some time to express your own opinions? If any of those apply to you, take a couple of minutes to contact your favorite blogger or podcaster and ask if you can have a guest spot on their show/blog. It really is that easy, especially if your asking directly and not having your PR department doing the contacting.

What brought this on? After a couple of weeks on the road I finally got a chance to catch up a little on some of my RSS feeds. With about 150 feeds and a two and a half week backlog, this can take a while. So I skim a lot of articles and frankly just ignore the majority of them. But one that caught my eye was “6 Ways That Bloggers are Like Rappers“. I’ve never wanted to be a rapper, and don’t ever ask me to sing if you value your ears, but there’s a lot in this article that resonated with me. I’m prolific, my blog is my personal brand, I’m a member of the Security Catalyst Community as well as several others and I’ve definitely got a style all my own. Rich and I often do interviews, but one thing we only do rarely is have guests on the podcast as participants. There have been a couple notable exceptions lately, with Mike Murray and Tim Krabec most recently.

I’ve been a guest on a number of different podcast, especially Pauldotcom Security Weekly (why do I always want to spell it ‘weakly’?). Every time I do this it introduces me to a new potential audience and makes me think a little differently about how I do the show and security. I learn something, which is the biggest reason I started doing blogging and podcasting in the first place. I enjoy being on someone else’s show nearly as much as I do my own. And all it’s ever taken to be a guest is reaching out to the host and asking if they would mind me being a guest for a show.

I know this isn’t about security, but one of the things I’ve been giving a lot of thought lately is how we reach a wider audience. Not just Rich and I, but security professionals in general. For the most part, we’re preaching to the choir; the people who read our writing and listen to our rants are other security professionals. This is a great audience and what makes me come back to the microphone week after week, but it’s not the group that’s going to make changes to the larger world. In order to reach the wider world, we need to talk to people who are outside of our comfort zone, people who don’t have the same mind set but might be able to teach us something and learn something in return.

So if you’re new to blogging or podcasting and want to build an audience, ask one of the people who inspired you if you can be on their show. If you’re an established blogger or podcaster who wants to reach a bigger audience, ask one of our peers, or better yet, ask someone outside the security sphere. If you want to be a guest on the Network Security Blog or Podcast … you guessed it .. just ask. The worst thing that could possibly happen is you get back a ‘no’. But in all likelihood, the answer will be closer to “When are you available?”

Update: This post was republished on the RSA “Developing with Security” blog. This site is being contributed to by fellow security bloggers who continue to contribute to the security community even when there’s not a Meetup coming up.

For anyone who was in the RSA Security Bloggers Meetup video, I can make the video available in a format you can download and edit yourself. I haven’t done it just yet, but UStream makes it possible to download as a .flv file which I can turn around and convert to just about any format you might want. If you’re a PR person responsible for one of the bloggers we interviewed, just have your client send a request and you can have the video. I don’t have any desire to stop anyone from using this video, I just don’t want to make it a burden on my limited resources.

Rich and I had a ton of fun making this video and I wish the first 75 minutes of it had been captured. We’re still working on getting the audio levels right and we might hire a professional to record the Security Bloggers Meetup next year, but expect to see more projects like this from time to time. All things considered, this turned out pretty well for a first effort and makes me think its worth doing more. What’s nice for me is all the equipment we used can fit in a single backpack or Pelican hard case. Except for the tripod that is.

Next purchase is some lights so we don’t look so dark. Or maybe just find a brighter place to record. Or just accept that this is amateur videography and let it go at that. Guess which one I’m leaning towards.