Friday, March 15, 2013

Five Simple Tips for BYOD

Check out this interesting 12-minute video where Lisa Phifer gives 5 common-sense steps for approaching enterprise BYOD. I think she does a good job of giving advice on how to start down this road.

As she says, just banning personal devices won't work as we continue to accelerate down the consumerization of IT path that we all seem to be on. I think we will very quickly see consumers, and especially Millennials, who are quite able to, and desire to, do all their work on mobile devices. Combine that with more enterprises moving to cloud services, and you see that traditional thinking won't serve us anymore. Between device-centric (MDM), network-centric (segmentation) and data-centric (sandboxed apps and VDI) approaches, there is something for everyone. You need to determine what works for your enterprise, and even if it isn't a perfect solution, take a Risk Management approach and start with the greatest risk.

Thursday, March 14, 2013

IQPC IT Security Exchange, March 10-12, 2013

 

I wanted to wrap up the IQPC IT Security Exchange that I attended this week in St. Pete, Florida. This was a good, solid conference, covering trends and technologies. There were about three dozen security executives from all industries, and most of the talks were given by CISOs, regarding the topics that we are all concerned about: Big Data, BYOD, Cloud, CoIT, Breaches, Threat Intelligence... There were about 6-10 vendors sponsoring the event, and most of them were ones I had not been aware of. This is the kind of event where costs are kept low and you spend 2 days discussing security with peers, over three days.

I gave my talk, "Big Data: Big Brother or Big Deal?", on Sunday. Find links to the presentation below.

SlideShare presentation: http://www.slideshare.net/nullsession/bigdata031013b

You can also download the presentation as (PDF) or with notes (PDF).

Here are some of the interesting topics that I found useful:
  • Communicating Risk to the Board
  • Risk Management
  • Security Awareness (and metrics!)
  • BYOD and moving IT to the cloud
  • Maturing the Security Program

Friday, February 22, 2013

Security Never Sleeps

I will be joining a panel over lunch this coming Wednesday, February 27th, at LuLu Restaurant in San Francisco for a Trainer Communications event, "Security Never Sleeps". Please consider joining us!

Enjoy lunch while listening to a panel discussion and Q&A with the CSO of Sallie Mae, CPO of McAfee, business technology reporter Scott McGrew from NBC-TV and analyst Derek Brink of Aberdeen Group. Learn how to make your messages resonate with each of these audiences, and learn what doesn’t work and what has changed.

RSA Conference 2013: MBS-T19 BYOD: Here Today, Here to Stay?

Will you be attending RSA Conference 2013?

I will be on a mobility panel, discussing BYOD with experts in the field. You don't want to miss it! MBS-T19 - "BYOD: Here Today, Here to Stay?"

Professionalizing the Nation’s Cybersecurity Workforce: Criteria for Future Decision-Making

I will be on a panel for the National Academy of Sciences, discussing the topic of professionalizing the cybersecurity industry. We will be speaking at the Prescott Hotel, 545 Post Street at 2 PM on Monday (2/25/13). Click here for more info!

RSA Conference 2013: GRC-W23: Managing Enterprise Risk: WHY U NO HAZ METRICS?

I just recorded a podcast for the RSA Conference on a panel I will moderate next week. I hope I did justice to the topic of our RSA panel next Wednesday! It will be MUCH better when Alex Hutton, David Mortman, Jack Jones and Caroline Wong are on stage explaining why risk management matters and how we can apply metrics to understand and reduce enterprise risk.

Please join us at 10:40 Wednesday in Moscone 133. Click here for more info.

Click to listen to my podcast!

Tuesday, February 12, 2013

I'd never forget you, Internet...

I admit I have sinned. I haven't blogged much in the past year. Most of my social media interaction has been on Facebook and Twitter and even LinkedIn. Mea Culpa, mea culpa, mea maxima culpa!

I do have an excuse though! I've been doing penance in the form of writing five cybersecurity courses for Laureate/Walden University and Excelsior College. I am excited about the new cybersecurity program I've helped develop for Excelsior College. They reached out to me in 2011, after I met the associate dean at a conference in Washington, DC. Check out their course offerings, here.


The thing about Excelsior College is, when you write a course for them, they make you teach it! So, while I have pushed myself to write meaningful courses, I've also been teaching them. Despite the pain and agony of long nights and short deadlines, it's worth it in the end. I feel it's helped me improve my own security skills. If you have an opportunity to write courses, books, speak or teach, do it! It will be a lot of extra work, when you probably already have a full schedule, but in the end you will find it beneficial.

I'm a proponent of lifelong learning and personal/professional development, so as a recovering physicist, I really love the privilege of being allowed to teach physics and astronomy. It's been ten years since I started teaching astronomy (and ethics) at a local university, and I now teach intro astronomy every semester at local colleges. It's motivating and rewarding to be allowed to teach others about something you love.

This last year, my company asked me to represent them in the capacity of "industry representative", developing the Next Generation Science Standards. This is an organized effort by 48 leading states to develop K-12 science standards. This is another very rewarding opportunity, and it allows me to meet educators from across the country and learn about the issues they face as they teach our children. 

So, don't hate me Internet. I haven't ignored you, I've just been busy. I promise to write more often in the future. Please don't give up on me. Be my Valentine! ;)