Welcome to the Down the Rabbithole NewsCast!

Join me in welcoming James Jardine ( @JardineSoftware) of Secure Ideas to the show as a permanent co-host! The NewsCast is a bi-weekly (2nd and 4th Monday of the month) release where we'll discuss the news and events of the past 2 weeks, and attempt to analyze, break down, and generally make sense of the madness of the Security industry and real world at large.

Also a big thanks to Todd Haverkos, the voice behind the hilarious intro you'll hear on this podcast, and all the others ...

Topics We Covered

• Apple's new 2-Factor Authentication went live
• Cisco made passwords weaker (whoops!) in their IOS
• The US Government struck out twice (SAM security issue, and a contractor "buys" warez)
• Celebrities get their credit info jacked
• S. Korea gets whacked with a nasty bug, wipes out 32,000 machines in one swoop

In this episode...

• We discuss "big data", what the heck it really is, and whether it's something new, something old, or something marketing made up
• Marcus does interpretive dance, and makes up new words
• Alex (shockingly) disagrees with Marcus, and actually describes 'data science'
• We hear Marcus talk about "NBS - never before seen" detection and why it's so critical
• We collectively agree (it's OK to be shocked) that "big data" is not a product
• Marcus discusses why you should be defending against the sniper
• The guests disagree on whether we have too little data, or whether we just don't know how to make it work for us
• Alex puts on a tinfoil hat ...

Guests

• Marcus Ranum ( @mjranum ) - Marcus J. Ranum is a world-renowned expert on security system design and implementation. He is a pioneer in security technology who was one of the early innovators in firewall, VPN, and intrusion detection systems. Since the late 1980s, Marcus designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer to founder and CEO of NFR. In SC Magazine's 20th Anniversary Edition, Marcus was named as one of the top industry pioneers over the last 20 years. Marcus is currently the CSO at Tenable.
• Alex Hutton ( @alexhutton ) - Alex is the Director of Operations Risk & Governance for a very, very large financial, so he has to stay incognito. Frankly, it doesn't matter much whether he says where he works, the dude's one of the smartest people I know, and lives, breathes, and often excretes 'risk' knowledge.

Synopsis

This timely podcast is right on the heels of the US vs. Cotterman decision from the 9th Circuit Court of Appeals. One of the watershed decisions on privacy and digital law, this is an extremely important case that touches on whether government agents can take and search your digital property while crossing the border with or without cause or suspicion. Michael and Shawn give their analysis, and we get some critical information for international business travelers, as well as those of us in the security community who regularly cross the US border with sensitive, potentially encrypted or password-protected information.

Link to the original 9th Circuit Court of Appeals decision: http://cdn.ca9.uscourts.gov/datastore/opinions/2013/03/08/09-10139.pdf

You're not going to want to miss this podcast.

Guests

1. Michael Schearer ( @theprez98 ) - Security consultant and penetration tester by day, law student and hacker by night, proud Navy veteran, writer, promoter of civility in political discourse, Philadelphia and Penn State sports fanatic, practicing philomath, and last but certainly not least, Dad and Husband. Michael maintains a fantastic blog at http://theprez98.blogspot.com.
2. Shawn E. Tuma ( @shawnetuma ) - Partner at the law firm BrittonTuma and an attorney with a broad based business, litigation, and intellectual property litigation experience combined with his unique expertise with cutting-edge legal issues such as computer fraud, data security, privacy, and social media law. Shawn is a member of the Information Security Committee of the Section of Science & Technology Law for the American Bar Association and the Privacy, Data Security, and e-Commerce Committee of the State Bar of Texas. Shawn maintains a great resource for analysis on legal decisions http://www.shawnetuma.com.

Synopsis

Security has an interesting view on "business decisions", and in this podcast episode recorded at GrrCon 2012 in Grand Rapids, MI I sit down with some of the talent behind MISEC and we discuss #SecBiz topics of interest including the ugly phrase "it's a business decision" and why we say that. We also dive into how decisions are made, and why security and business are still often at odds on goals and acceptable 'risks'... and why our recommendations and guidance still falls on seemingly deaf ears.

We sample some of the sage wisdom of J.W. Goerlich as he runs his IT and security organization, and how he asks his security employees to think business, and put themselves into the frame of reference of the business when making decisions.

Jen Fox brings up Miller's Law, and teachs us to ask "What is that true of?" when framing discussions in the business context with non-technologists. Jen makes us think about frames of reference. She tells us that we must assume that a statement someone makes is true ... from their frame of reference and we simply must get inside their frame of reference to understand their thinking.

Steven Fox gives us a little bit of a glimpse into the government world where you can't always go sit down with the decision maker, and have to depend on your relationships, cooperation, and sometimes back-room politics to get things done.

I invite you to listen in, this is a timeless discussion that everyone should participate in.

Guests

• J.W. Goerlich - @JWGoerlich - Information Systems and Information Security Manager. Regular InfoSec practitioner, occasional speaker and writer. INTJ. #MiSec, #BSidesDetroit, #CSA, #Owasp
• Jen Fox - @J_Fox - Making security accessible to the end user. Independent consultant, biz analyst, tech-to-biz translator, and diplomat. CIPP/IT and locksport enthusiast.
• Steven Fox - @Securelexicon - I am a Security Architect at the U.S. Dept of the Treasury & Penetration Tester passionate about security as a business value and differentiator.