My GWU Discussion – Part 3 – What to do About Cybersecurity

This is my third (and thankfully to most readers, last) post about a class I gave at George Washington University earlier this year. The professor, Dr. Robert McCreight, invites me to be a guest lecturer on cyber-security from time to time. I posted a copy of my slides in the previous two posts and do so again here:

George Washington University Slides on Cyber-Security

In the last post I returned, as I often do, to the question “How to be secure when each component of your solution is itself insecure?” I find that most practitioners, and in particular their management, are in denial on this issue. While my first suggested step, which is to practice security hygiene, is useful, it does not help against a determined attacker.

While I am not sure if anything short of not connecting to anyone will work all the time, two possible approaches seem promising.

WikiLeaks

Since the latest set of releases associated with US diplomacy through WikiLeaks there has been endless commentary on all aspects of the leaks. I have read through many of the comments and columns and been…

The Problem With Government Security

During the time I served as the CIO at the US Department of Transportation, when I wanted to annoy my Chief Information Security Officer (CISO) or the CISO staff, I would point out that in my opinion there were two things wrong with computer security within the Federal Government.

First, we put security in charge.

Second, we kept secrets.

If we solved for those two issues, we would not have a security problem.

Of course, I was joking. Well, sort of.

My Slides from the University of Maryland University College 2010 Annual Cybersecurity and Homeland Defense Symposium

Last month I was the keynote speaker at the University of Maryland University College 2010 Annual Cybersecurity and Homeland Defense Symposium and Job Fair, http://www.umuc.edu/securitystudies/cybersymposium_agenda.shtml.

A few people asked me to post my presentation, but I have found that my current job as the COO at Powertek Corporation has caused me to miss many of my self-imposed deadlines for doing many things, including updating my blog.

Webinar on Cybersecurity: Building Secure Federal Systems

I was pleased to be asked to be part of a webinar sponsored by Government Executive this Thursday at 2:00pm EST, and even happier when Pat Howard, the CISO from the Nuclear Regulatory Commission, accepted an invitation to join me.

The webinar, moderated by Adam Ross, the Managing Editor from the SANS Institute, will focus on some of the challenges faced in creating secure Federal Systems. With the growing movement for speed-to-market and the movement to the cloud, and associated buzz words, and with the increased publicity about cyber-attacks, how we should best deal with such issues is becoming a still greater issue.

Cyber-Security Discussion at the Fedscoop Conference

I was lucky enough to be part of a panel discussing cyber-security at a Fedscoop conference Wednesday, October 14, at the Newseum. The agenda for the conference is here: http://fedscoopevents.com/agenda.php. I thought it might be useful to summarize my general points for those who were not able to attend.

The theme of the conference was “Lowering the Cost of Government with Technology”, though the panel’s comments ranged from cost issues to government 2.0 and social networking to cyber-security in general.

The panel was moderated by Chris Dorobek, the afternoon co-anchor for WFED. The other panelists included Vance Hitch, the Department of Justice CIO, Pat Howard, the Chief Information Security Officer, CISO, for the Nuclear Regulatory Commission, Dr. Ron Ross, a key figure in defining security requirements and policy at the National Institute of Standards and Technology, NIST, Gary Galloway, the Deputy Director for Information Assurance at the Department of State, and Rue Moody, the Director of Strategic Technology at Citrix.