If this is how you view security architecture, you are doomed to failure. Tools alone cannot keep up with threats, or solve all our problems.

The commentary of a security heretic, skeptic and wayward scientist.
For my part I know nothing with any certainty, but the sight of the stars makes me dream. -Vincent Van Gogh
Sunday, June 15, 2014
Thursday, February 13, 2014
Security Advisor Alliance
I just wrapped up a great podcast with the Security Advisor Alliance, moderated by Neil Thacker. This neat idea for an organization is something that Jason Clark (CSO/Accuvant) brought to me two years ago, when he was at Websense, and I am really happy to see it coming to fruition.
The Security Advisor Alliance is a coalition of a couple dozen experienced CISOs who are willing to donate some of their personal time each month to advise and give back to the security community. It's a great idea, so if you attend RSA Conference, look for me or find Jason Clark and ask how you can get involved!
The podcast archives can be found here, or on iTunes: http://securityadvisoralliance.com/podcast/
Visualize This! Meaningful Metrics for Measuring Risk
I am very glad to be moderating another great risk management and metrics panel for the third year in a row, at RSA Conference! The panel is a continuation of the great work we did at last year's RSA Conference, where we had an encore because of the overflow from the first time slot.
The panelists are: Alex Hutton, Jack Jones, David Mortman and Caroline Wong. What a great line-up of experts to have.
Please visit the RSA Conference website for more details on the panel, which will be at 10:20AM on Friday, February 28: http://www.rsaconference.com/events/us14/agenda/sessions/1097/visualize-this-meaningful-metrics-for-managing.
Abstract: Metrics are incredibly useful and a critical input for making risk decisions, but finding the right metrics and interpreting them is often a scary proposition for many security groups. We’ll share strategies for choosing metrics as well as how to use tools such as visualization to make those metrics and associated risk decisions easier, more informative and most importantly more useful.
Castles in the Cloud: Data Protection in the Consumer Age
I am excited to be speaking with Jason Clark (CISO/Accuvant) at RSA Conference next week. Our talk is titled, "Castles in the Cloud: Data Protection in the Consumer Age". You can listen to our podcast here: http://t.co/FEpxu3RqI0.
Join us at 10:40AM on Wednesday, February 26 at RSA Conference!
For details on the presentation, visit the RSA Conference site: http://www.rsaconference.com/events/us14/agenda/sessions/1118/castles-in-the-air-data-protection-in-the-consumer
Abstract: The consumerization of IT (CoIT) involves what Gartner calls the 'Nexus of Forces': Social, Cloud, Big Data, Mobile and the Internet of Things. We all see our organizations rushing to embrace these trends, and often security is left out or considered as an afterthought. This talk will present a data-centric strategy to both secure and enable the business to leverage these important trends.
Insider Threat Webinar
I have a webinar on Thursday, February 13 at 1PM EST on the topic of Insider Threat. The webinar is with Bob West, CSO at IntelligentID, and is sponsored by Luxoft.
Friday, January 31, 2014
7 Characteristics of a Good Learner
I wanted to share an article that came in my faculty email today. This is a great reminder of what we should aspire to be as teachers. [Source: The Teaching Professor Blog]
- Good learners are curious – They wonder about all sorts of things, often about things way beyond their areas of expertise. They love the discovery part of learning. Finding out about something they didn’t know satisfies them for the moment, but their curiosity is addictive.
- Good learners pursue understanding diligently – A few things may come easily to learners but most knowledge arrives after effort, and good learners are willing to put in the time. They search out information—sometimes aspiring to find out everything that is known about something. They read, analyze, and evaluate the information they’ve found. They talk with others, read more, study more, and carry around what they don’t understand; thinking about it before they go to sleep, at the gym, on the way to work, and sometimes when they should be listening to others. Good learners are persistent. They don’t give up easily.
- Good learners recognize that a lot of learning isn’t fun – That doesn’t change how much they love learning. When understanding finally comes, when they get it, when all the pieces fit together, that is one special thrill. But the journey to understanding generally isn’t all that exciting. Some learning tasks require boring repetition; others a mind-numbing attention to detail; still others periods of intense mental focus. Backs hurt, bottoms get tired, the clutter on the desk expands, the coffee tastes stale—no, most learning isn’t fun.
- Failure frightens good learners, but they know it’s beneficial – It’s a part of learning that offers special opportunities that aren’t there when success comes quickly and without failure. In the presence of repeated failure and seeming futility, good learners carry on, confident that they’ll figure it out. When faced with a motor that resists repair, my live-in mechanic announces he has yet to meet a motor that can’t be fixed. Sometimes it ends up looking like a grudge match, man against the machine, with the man undeterred by how many different fixes don’t work. He’s frustrated but determined to find the one that will, all the while learning from those that don’t.
- Good learners make knowledge their own – This is about making the new knowledge fit with what the learner already knows, not making it mean whatever the learner wants. Good learners change their knowledge structures in order to accommodate what they are learning. They use the new knowledge to tear down what’s poorly constructed, to finish what’s only partially built, and to create new additions. In the process, they build a bigger and better knowledge structure. It’s not enough to just take in new knowledge. It has to make sense, to connect in meaningful ways with what the learner already knows.
- Good learners never run out of questions – There’s always more to know. Good learners are never satisfied with how much they know about anything. They are pulled around by questions—the ones they still can’t answer, or can only answer part way, or the ones without very good answers. Those questions follow them around like day follows night with the answer bringing daylight but the next question revealing the darkness.
- Good learners share what they’ve learned – Knowledge is inert. Unless it’s passed on, knowledge is lost. Good learners are teachers committed to sharing with others what they’ve learned. They write about it, and talk about it. Good learners can explain what they know in ways that make sense to others. They aren’t trapped by specialized language. They can translate, paraphrase, and find examples that make what they know meaningful to other learners. They are connected to the knowledge passed on to them and committed to leaving what they’ve learned with others.
Good teachers model this kind of learning for their students, which makes me believe that “good learner” belongs on those lists of good teacher characteristics.