Down the Security Rabbithole

Mon, 31 October 2011
Down the Rabbithole - MicroCast 01 - Security is Just Good IT

Synopsis

  This is the first MicroCast, a new 15-minute format jammed packed with a series of great topics.  This time around, Jack Nichelson joins me and tells us how Bruce Lee feels about IT Security (this is a great quote!), why really good IT Security is just really good IT, and whether we will all be replaced by "Cyber-Insurance" policies.  Yikes ... this is definitely 15 minutes you'll be happy you listened.

Guest:

  • Jack Nichelson - Jack is an information security officer at a very large industrial enterprise.  Jack's background is not IT Security, but he is a venteran of technology, and a master story-teller.  Jack can be found on Twitter as "@jack0lope".
Direct download: Down_the_Rabbithole_-_MicroCast_01_-_Jack_Nichelson_-_Security_is_Just_Good_IT.mp3
Category:Information Security -- posted at: 4:35pm CST
Mon, 24 October 2011
Down the Rabbithole - Episode 4 - Effective Small Business Security

Synopsis

  This is a special episode for anyone who's feeling like "Information Security" in their small business is impossible.  My guests and I talk through how to make information security a proper entity that can both serve the business need, and be respected; more than just survival, it's about making security thrive in the small business.  Michael potificates on what makes the security community such a valuable resource to security managers in his position, and we go into what advice you could give a vendor selling into a small business ... what a fascinating discussion!

Guests

  • J.W. Goerlich - Network and Security Manager for a midwestern financial organization
    Wolfgang has 15 years in IT, with a InfoSec focus for the past 5 years. He has a deep background in risk management and business continuity for SMB firms.
  • Michael Allen - Information Systems Security Officer for a Jamaican-based financial Institution. Michael has over 8 years experience in IT, with a focus on Infosec during the last 4 years. He has a strong background in application development with a keen interest in penetration testing, software security assurance and network security.

Links

Direct download: Down_the_Rabbithole_-_Episode_04_-_Effective_Small_Business_Security.mp3
Category:Information Security -- posted at: 1:51pm CST
Mon, 10 October 2011
Down the Rabbithole - Episode 3 - "QA and Security, Can we make it work?"

Synopsis

  Over the past year and a half of so, I've been pushing hard to change the paradigm around secure software - specifically the testing aspect of it to incorporate a much heavier emphasis on quality assurance.  That conversation spilled over into an OWASP conversation, which lead Glenn, Rohit and I to sit down and record this conversation we had - as we appear to be of like mind.  While it's not trivial to incorporate security testing into quality assurance, it's not impossible, and in fact, more practical than you may think.

  In this segment we discuss what security testing in a QA team looks like, how it's potentially split up, and whether we can really and truly make it work.  Glenn provides his practical perspective being an implementer of this methodology, while Rohit and I provide an across-the-industry discussion and commentary.

  I think you'll find this podcast episode fascinating, especially if you're struggling with the QA/Security relationship.

Guests

  • Rohit Sethi - VP Product Development at SD Elements (http://www.sdelements.com)
    Rohit Sethi is a specialist in building security controls into the software development life cycle (SDLC). Rohit is a SANS course developer and instructor on Secure J2EE development. He has spoken and taught at FS-ISAC, RSA, OWASP, Shmoocon, CSI National, Sec Tor, Infosecurity New York and Toronto, TASK, the ISC2's Secure Leadership series conferences, and many others. Mr. Sethi has written articles for Dr. Dobb's Journal, TechTarget, Security Focus and the Web Application Security Consortium (WASC), and he has been quoted as an expert in application security for ITWorldCanada and Computer World. He also leads the OWASP Design Patterns Security Analysis project. 
  • Glenn Leifheit - Lead Information Security Consultant at FICO (http://www.fico.com)
    Glenn Leifheit, CISSP, CSSLP is a Senior Security Architect at FICO. He has worked in developing, managing, architecting and securing large scale applications for over 15 years. His day is spent rolling out an Enterprise secure software development lifecycle and managing PCI requirements as well as secure software reviews. Glenn is active in the Technology community as the Co-Chair of (ISC)2 Application Security Advisory Board, President of TechMasters Twin Cities, as an active member of IASA (International Association of Software Architects) and OWASP (Open Web Application Security Project) as well as a regional speaker evangelizing secure software. Glenn's blog is located at www.glennleifheit.com. 

Links

  • No links for this podcast...
Direct download: Down_the_Rabbithole_-_Episode_3_-_QA_and_Security_Can_we_make_it_work.mp3
Category:Information Security -- posted at: 4:34pm CST
1

Hosts

Rafal Los (@wh1t3rabbit)
James Jardine (@jardinesoftware)
Michael Santarcangelo (@catalyst)

Categories

Information Security
general
software development
Cyber Law
Enterprise Security
FeatureCast
CyberCrime
Security Specialists Panel
NewsCast
enterprise risk
advanced threat
administrivia
MicroCast

Syndication
Keyword Search

October 2011
S M T W T F S
     
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31


Archives
January

December
November
October
September
August
July
June
May
April
March
February
January

December
November
October
September
August
July
June
May
April
March
February
January

December
November
October
September
August
July
June
May
April
March
February
January

December
October
September
August
July
June
May
April
March
February
January

December
November
October
September