Incitings (Events/Appearances)
Black Hat 2008 Preview: Paranoia and Learning
Hard to believe, it's time for another Black Hat conference. This is my third, and as I sit in the airport waiting to head out to Vegas, I'm eagerly anticipating the show. For lots of reasons, but mostly because it's the only show I attend to actually learn something. It's not like RSA or CSI are big on "education." I certainly know that I don't know it all, but Black Hat is a place where I can hang out with guys a lot smarter than me. And that's a good thing.
Even if the show has gotten a bit corporate.
As others have mentioned, Black Hat/DEFCON are not the places to be careless about your computer security. Now that BH is doing the Wall of Sheep as well, no one is safe. I was at Rob Graham's session last year where he pulled up some poor sap's Gmail through his sidejacking attack. That ain't going to be me.
So what do I do? WiFi is OFF. Period. Until I get back to ATL on Friday, WiFi is off. I'll just rely on my Verizon card for the few times I'm in my room and connected. I don't carry my laptop at the show, relying instead on good old-fashioned paper and pen to take notes. I may do a quick post or two from my iPhone (3G, I upgraded over the weekend), but for the most part I'll be disconnected.
Speaking of my iPhone, WiFi is off on that as well. I'm also turning off Bluetooth. That means I'll be the silly one with the wired headset. But I'm not sure what new attacks have emerged, so I'll suffer the wired life for a few days. I'm also turning off the GPS. It's not like I'm going to get lost in Vegas, and again although I haven't heard of specific GPS attacks, why risk it?
Yes, clearly it's paranoia in full effect. But better to be safe (if a bit disconnected) than sorry. That's for sure.
In terms of sessions, a few caught my eye:
- Bad Sushi: Beating Phishers at their Own Game (Wednesday, 10 AM): I'm going to see my friend Nitesh Dhanjani and Billy Rios do their anti-phishing talk. Clearly there are both process and technical defenses against the phishermen.
- DNS Goodness (Wednesday, 11:15) - Obviously Kaminsky's session is going to be a circus. They should probably move it into the keynote room to accommodate everyone. Not sure I want to fight the masses to attend, but I'm sure it will be interesting.
- The Four Horsemen of the Virtualization Security Apocalypse (Wednesday, 1:45) - I've got to be there to support my boy Hoff, and I'm actually interested in how he's evolved his pitch. I also heard (from the horse's mouth) that the slides are real pretty, so I'll probably take a few presentation pointers from the Rational one.
- Malware Detection through Network Flow Analysis (Wednesday, 3:15) - Since part of my schtick is REACT FASTER, and Bruce Potter will be previewing a new version of his flow analysis tool, this may fit the bill. Lord knows a lot of the NBA tools are way too heavy and high end for the mass market, so an open source alternative could be interesting.
- Exploiting Google Gadgets (Wednesday, 3:15) - I'll also try to swing by RSnake's pitch, where he and Tom Stracener will be exploiting Google Toolbar and discussing a zero day. Woo Hoo.
- Satan is on my Friends list (Thursday, 10) - I'm fascinated with this social networking thing and figuring out how to exploit it is pretty interesting. There is a lot of cutting edge research happening around this area.
- No More Signatures: Defending Web Applications from Zero Day Attacks (Thursday, 11:15) - Yes, I plan to go see Sir Ivan and Ofer Shezaf discuss how profiling traffic can help defend web apps. This sounds like a positive security model, and I think that's a pretty important aspect of defending web apps.
- Get Rich or Die Trying (Thursday, 3:15) - I'm also going to see Jeremiah do his logic flaws pitch. These are very interesting attack vectors, and I'm looking forward to seeing how Jeremiah and Arian go through and pwn applications via the developers' own mistakes.
I'm sure there are others, or maybe not. I tend to like to keep my schedule pretty fluid at Black Hat. I'll be hitting the party scene as well, so I hope to see at least some of you in Vegas.
Safe Travels.
Inciting: May Speaking Gigs
As I've mentioned, I'm hitting the road pretty hard in May, much to the chagrin of the Boss. Some speaking gigs, some strategy sessions. Here is where you can see me in a public setting:
- All Ohio InfoSec/InfraGard Event - May 17-18 in Columbus, OH
I'll be doing two sessions here, one during the evening reception and I'll also be moderating a panel on security metrics. I'll also be available to sign books at the show.
http://centralohioissa.com/?p=94
- CSI roadshow: New Vulnerability Management Tactics for IT Professionals
May 8 - Los Angeles
May 10 - San Francisco
May 22 - Chicago
May 24 - NYC
I'll discuss a Pragmatic approach to vulnerability management and penetration testing, and there will be a hacker challenge, sponsored by Core Security, at the end of the day. Core is also raffling off 5 signed copies of the Pragmatic CSO at each location.
http://www.gocsi.com/events/oneday_core.jhtml
There will be more to come, so stay tuned to the blog.
Inciting: Man about town in Q1
I've been pretty sluggish about keeping everyone up to date on all the stuff I'm doing. With three monthly TechTarget columns, a bunch of webcasts and speaking gigs coming up, and the ongoing activity to support the P-CSO, there is hardly time to tell anyone much of anything.
Columns
Here is kind of a laundry list of places to read my recent drivel:
- SearchSMB column (here) - Best of breed vs. Big Security. For SMB organizations, the path of least resistance is usually to buy from the big vendor. But is that the right thing to do? I rant a bit about what's important in that decision process here.
- SearchSMB column (here) - VPNs offer simple, secure remote access. Any advanced security staffer will know pretty much all of this stuff, but most of the folks in the SMB space aren't necessarily advanced. Though the idea of using VPN technology (especially SSL VPN) as a poor-man's NAC is also discussed.
- SearchSecurityChannel column (here) - What to do when a strategic manufacturer is acquired? If you are a reseller, sooner or later it's going to happen. A key manufacturer that you are building a business around will be acquired by a less than desirable party. What then? That's a good question; read the article to get my perspectives.
- SearchSecurityChannel column (here) - Five ways to gain customer loyalty. Again more common sense, but these key ideas are hardly ever used in practice by anyone (not just the reseller community).
- SearchSecurityChannel column (here) - The downside of MSS. Many resellers are counting on managed services to save them from the doldrums of decreasing margins and other misery. But there is a downside to everything. Check out my thoughts on whether MSS makes sense (it does) and what caveats there are.
Messaging Security School
I also just did a webcast, podcast and tip series for TechTarget on Next-Generation Messaging Attacks. You can check out all the content here. It's good stuff.
Webcasts
- Vontu - I recently did a webcast with Vontu about how data leak prevention applies to the endpoint. Check out the archive here.
- Forescout - Want to know my latest thinking on NAC? I went through it here for ForeScout, dealing with hot button issues like client vs. client-less architectures and inline vs out-of-band deployment options. I even rant a bit about NAC standards.
On Monday I'll list out my upcoming speaking calendar because I'm hitting the road big time in May, and I may be coming to a town near you.
Inciting: Milwaukee ISSA next week
I'm packing the bags and heading out on the road quite a bit over the next two months to spread the gospel of the Pragmatic CSO. There will be a mixture of ISSA and vendor-sponsored events. The first of these starts next week, when I'll be in Milwaukee to talk to the ISSA group there.
Clint Laskowski, a Pragmatic CSO himself, is the director of events there and has graciously invited me to spend some time with the group. I'm going to do an hour on the Pragmatic CSO and another hour basically just answering folks' questions. You can get a full agenda and figure out where to register here.
I'll do separate posts, but in May I'll be in Cincinnati (for a Marshal seminar), in Columbus OH (for an ISSA meeting and other events) and I'll be doing a 4 city tour (LA, SF, NY, CHI) with Core Security. Hopefully I'll get a chance to do some meet-ups when I'm in your neck of the woods.
I hope to see you in Milwaukee. I'll put on a good show - I promise...
Inciting: TechTarget Columns
As they say, one door closes and the next one opens. I've been very fortunate for that to have been the case throughout my career. Pretty much as soon as NetworkWorld opted out of my column, the good folks over at TechTarget have stepped in.
I'm now working as a monthly columnist with 3 different TechTarget properties. I'm doing a monthly piece on security targeted to the SMB in SearchSMB. I'll be ranting specific to the security channel each month in SearchSecurityChannel. Finally, starting in March I've been added to the roster of SearchSecurity experts, which involves answering 5-10 questions each month and doing a column.
I'm very excited about all three of these gigs. Each of the TechTarget site editors allows me to express myself as I see fit, and they understand that I take everyone to task on my blog, even them, when I see a piece that could use some work.
Here are the details on my first two regular columns:
- SearchSMB: "Managed Security Services - an SMB option?": In this piece I go through how and when an SMB should be interested in outsourcing some of their security operations. Read the rest here.
- SearchSecurityChannel: "What to do when a strategic manufacturer is acquired": It's happened to us all, but it's especially important for VARs to have a defined plan when a key vendor is acquired. Read the whole piece here.
I've got another 3 pieces loaded up for February that you'll see within the next few weeks.
Inciting: RSA Conference
I'm doing 3 sessions at the RSA Conference this week, so if any of you in blog-land will be at the show - come check it out. I've got some all-stars on my panels on both spyware and UTM and I'm also facilitating a session on how to "successfully sell security strategy." It will be a packed and fun week and I hope to get to see many of you in San Francisco.
Session Code: HT2-105
Session Title: The State of Spyware: Analyst and Technologist Perspectives
Length: 70 Minutes
Technical Level: Intermediate
Abstract: A panel of leading minds in the information security industry will discuss, debate and prognosticate on the evolution of malware. As analysts, technologists, spyware experts and consumer advocates, the panel's diversity rings true to the RSA Conference 2007 Renaissance theme. They will provide relevant insight on malware's progression over the years and unique perspectives on defeating the threat.
Moderator: Mike Rothman, President & Principal Analyst, Security Incite
Panelists:
- Gerhard Eschelbeck, CTO and Senior Vice President of Engineering, Webroot Software
- Ira Winkler, President, Internet Security Advisors Group
- Brian Burke, Research Manager, IDC
- James Dempsey, Policy Director, Center for Democracy & Technology
Session Code: DEF-203
Session Title: UTM Smackdown: Wading Through the Hype to Select the Best Solution
Length: 70 Minutes
Technical Level: Technical
Abstract: With all the UTM choices available, how is an organization supposed to pick the right solution? This no-holds-barred panel assembles four UTM CTOs to debate hot buttons, such as the need for purpose-built appliances and the role of integrated management. This presentation will also examine appropriate solutions for small and large enterprises.
Moderator: Mike Rothman, President & Principal Analyst, Security Incite
Panelists:
- Christofer Hoff, Chief Security Strategist, Crossbeam Systems
- Alan Shimel, Chief Strategy Officer, StillSecure
- Alex Quinonez, Vice President, Astaro Corp.
- Richard Stiennon, Chief Marketing Officer (CMO), Fortinet, Inc.
Session Code: P2P-206A
Session Title: Successfully Selling Your Security Strategy
Length: 50 Minutes
Technical Level: Basic
Abstract: Knowing what to do is less than half the battle. Unless the ones holding the purse strings buy into your security strategy and execution plan, all is for naught. This P2P session will discuss how best to interface with senior management, understand their hot buttons, and present a compelling story to get what you need: the money and resources to protect your critical business systems.
P2P Facilitator: Mike Rothman, President & Principal Analyst, Security Incite
And yes, I'll be at many of the parties going on Tuesday and Wednesday night. I'll be the one with a beer in each hand for the first couple of hours, and then probably at the bottom of a rumble towards the end of the night. Always seems to work out that way.
RSA Briefings: Start your engines
Yes I will be at RSA, pretty much the entire week.
If you are a user, let me know that you'll be there. I'll make time to meet with you. We can chat, drink coffee, make fun of vendors and I'll be happy to listen to what you have going on and see if I can offer any words of wisdom.
If you are a vendor, I will also try to make time to meet with you and have you pitch me on whatever cool stuff you are doing at the show.
Regardless of who you are, the best way to start the process is to send me a note expressing interest in an RSA meeting. If you have times when you CANNOT meet, let me know that too.
I have already been approached by numerous folks and have been putting off actually booking meetings. So you have until Friday to let me know that you'll be there and that you want to meet.
I'll start booking meetings next Monday, so I'll respond to you with a few times that work for me. I expect my calendar to book up fast, and as they say in the Bahamas "you snooze, you lose!"
Looking forward to seeing you in SFO at the EMC show. HA!
Year-end wrap up Podcast
I was once again invited to participate in Alan Shimel and Mitchell Ashley's year-end wrap-up podcast. We discussed the biggest stories in 2006, as relayed to us by a real rogues' gallery of bloggers including:
- Martin McKeay
- Michael Farnum
- Andy, ITGuy
- Mike Murray
- Ravi Char
- Dan York
- Perry Carpenter
- Michael Wright of MCWresearch
- Larry Pesce of Paul Dot Com
These guys had a lot to say and we all had a great time discussing the topics and adding our own perspectives.
Enjoy it here: http://www.clickcaster.com/ss
SearchSMB's Top 10 Tips in 2006
SearchSMB just listed their Top 10 tips for 2006 (here). 7 out of the 10 are security-related. And 3 out of the 7 on security were penned by.... (drum roll please) - ME!!!
That's shocking, but also flattering. I'm fortunate to be able to pen opinions in a market that generates a ton of interest.
But let's not lose sight of the fact that SMBs are struggling with security, pretty much like larger enterprises - but the pain is more acute because they don't have people or money to throw at the problem.
Check out the tips if you missed any of them.
Inciting: Threat Management Panel
If you want to hear me rant about threat management live, I'll be doing a webcast as part of a Ziff Davis Virtual Tradeshow on Thursday (11/30 from 2:15 - 3:15 PM EST). I'll be doing the panel with a product manager from CA (who is sponsoring the event) and going through how the threatscape and attack surfaces are changing rapidly and what end users need to be thinking about relative to protecting themselves against these new threats.
As always, it'll be a no-holds barred discussion (not sure the sponsors know that yet, but they'll figure it out) and I'll be saying what I think - especially during the Q&A.
So register here: http://ca-security.eseminarslive.com/eng/nonAuthGeneric/program.cfm