I’d almost forgotten that David Spark ambushed Ben Tomjave, Andrew Storms and me with a video camera on the first day of RSA last week.  Read More →

Can you hear that? That’s the sound of air escaping as we all finally recover from the RSA conference. Rich and Martin are back, and Zach… never left (but did celebrate a birthday last week). We do a quick recap of RSA and then dig into the security news… much of which had nothing to do with the conference. Weird. Network Security Podcast, Episode 188, March 9, 2010 Time:  Read More →

Snort was one of the first security tools I ever used.  Read More →

It’s hard doing interviews on the showroom floor at RSAC.  Read More →

Jan Hichert, CEO of Astaro Internet Security , and I met in one of the quieter hallways of the 2010 RSA Convention.  Read More →

While I’m sure Mikko Hypponen, Chief Research Officer at F-Secure , is getting as tired as hearing the term APT* as the rest of us are, he had some insight into what’s really happening with this threat and the fact that it’s not something new, it’s just the acknowledgment that it’s happening that’s new.  Read More →

Note:  Read More →

I caught up with Pedro Bustamante, Senior Research Analyst from Panda Security , for a brief interview about what his company is doing in 2010.  Read More →

One of the things I don’t believe we see enough of in the security field is independent testing.  Read More →

As a PCI QSA, one of the big technologies I’m looking at this show is end-to-end encryption (E2EE).  Read More →

The good thing about living close to San Francisco is that I can work from home this morning and head in to the Moscone Center in the early afternoon.  Read More →

My friend Alex Hutton and the rest of the RISK Team at Verizon Business have done it again! This time rather than release a report about breaches however, they’ve release the Verizon Incident Sharing Metrics Framework ( VerIS for short ).    All the awesomeness that went into creating the 2009 Verizon Breach Report is being shared with the incident response community so that we can compare apples to apples when it comes to compromises. ... 

This video showing how Hitler would have responded to a breach of his Cloud Computing infrastructure was especially funny to me coming on the tail of sitting in on this week’s Cloud Audit conversation.  Read More →

If you want to do some research on specific technologies at the RSA Conference 2010, you won’t be led too far astray reading the guide Rich and the Securosis crew put together .  Read More →

I make no secret about being a privacy advocate, however many people misunderstand what I’m against when I talk about our government spying on us.  Read More →