Tag Archives: Information security

  • 10

Why Professional Conferences Matter

Category:Higher Education,Information Security,Infosec Communicator,Leadchange,Social Networking,STC Rochester Tags : 

I’ve heard a lot of discussion recently that professional conferences aren’t needed anymore because of the inter-connectivity afforded by the Internet. Why is it reasonable to spend hundreds or even a couple of thousand dollars to attend a face-to-face conference?

Over the last week, I’ve been part of the leadership teams for and attended two conferences, the STC Rochester Spectrum regional technical communications conference and the EDUCAUSE Security Professionals Conference in San Antonio. It’s been an incredible experience.

Here’s what I’ve found:

  • Spectrum provided an opportunity for me to meet face-to-face with people I’ve been talking to via social networking for almost a year. This is important because I was able to have indepth conversations with key leaders about critical issues affecting our profession. These conversations wouldn’t have been viable in social media. They may have been doable through Skype or phone, but the ability to read the nuances of a conversation when you’re not together is really difficult.
  • Spectrum also provided STC Rochester an opportunity to showcase our abilities (and to have those abilities affirmed by other community and society leaders.) It was important for our chapter to understand our connections and I think our membership was “blown away” that international leadership would attend. We were truly honored.
  • Spectrum provided state of the art content in technical communications. In the sessions I facilitated, Kristi Leach was able to test a usability session with peers and gain invaluable feedback and Hannah Morgan provided a fresh look at the importance of social networking in your branding and in your career.  Other speakers presented key information about current tools and the future of our profession.

The Security Professionals conference allowed me to see (way too briefly) colleagues that I speak with on conference calls and work with, but from a distance of thousands of miles. We’ve become friends and it’s great to be able to unwind with a team that’s worked hard together all year.

  • The Security Professionals conference gave me the opportunity to present with a panel of fellow practitioners that are remediating private information at our respective universities. It gave our audience an opportunity to hear how four schools are tackling similar problems and the “unvarnished” truth of the stuggles we’ve faced and inroads we’ve made. This was invaluable to our attendees, because they could ask questions and establish the networking contacts that will save them time and dollars as they tackle similar problems. We become resources for each other.
  • The Security Professionals conference also allowed me to work in tandem with Cherry Delaney of Purdue University, my former co-chair of the Awareness and Training Working group. We were able to share with a group of ISOs, information security practitioners (and even a CIO) the steps needed to create a holistic strategic Security Awareness plan and share examples of how we’ve approached the task of educating end users. We were also able to work with them in small groups to develop specific steps and put together the beginnings of an action plan.

The interaction at a professional conference is one of the key enablers to moving forward in your profession, becoming “unstuck” when you’re out of ideas, and establishing a network of contacts to help each other.

This interaction was helped by the fact that the conferences were of a size (120 and 350) where you could actually see the same people in several venues. Large conferences don’t always allow for that.

For me, professional conferences matter.

What do you get out of them?

 

Related content


  • 0

Top Ten Ways to Shockproof Your Use of Social Media

Category:Cyberstalking,Facebook,Information Security,Infosec Communicator,Internet Safety,Presentations,Social Networking,STC,Uncategorized Tags : 

How do you stay safe online? Here are ten ways to shockproof your use of social media:

Tip #1: Use strong passwords

Tip #2: Keep your computer patched and updated

Tip #3: Use appropriate security software

Tip #4: Learn to recognize phishing and other scams

Tip #5: Use social networks safely

Tip #6: Remember who else is using social networking sites

Tip #7: Be wary of others

Tip #8: Search for your name

Tip #9: Guard your personal information

Tip #10: Use privacy settings

Top Ten Ways to Shockproof Your Use of Social Media Presentation


  • 0

Digital Self Defense Workshop 101 (RRLC)

Category:Cyberstalking,Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Presentations,Privacy,Social Networking,Uncategorized Tags : 

I had the pleasure of presenting the following presentation to the Rochester Regional Library Council on Oct. 25th. It contains general Internet and computer safety tips and is slightly modified from a session we provide to faculty and staff at RIT.

Enhanced by Zemanta

  • 1

Developing a Security Mindset

Category:Higher Education,Information Security,Infosec Communicator,Risk,Uncategorized Tags : 

In my Cyber Self Defense course at the Rochester Institute of Technology, I teach a module on Developing a Security Mindset. Based on a class exercise by Tadayoshi Kohno at the University of Washington (mentioned in a blog posting by Bruce Schneier), the goal of the module is to reorient students’ thinking from the features of a product and how those features are supposed to be used to thinking about how someone might “hack” the product. In other words, develop a security mindset.

I ask the students to determine product assets and vulnerabilities and identify how someone might attack  the product. The students are told that they do not have resources to counter every possible threat.

I also have the students create a risk map that depicts the likelihood of a particular attack and the potential impact of that attack. Placing specific threats on a risk map helps students understand that since not all threats bear the same weight they need to choose what is most important to defend against.

The twist to the exercise is that students may not conduct an analysis of a computer-related product. For example, subjects presented by my students this quarter included Water Purification, Bicycle Safety, Running a Pizza Business, etc. As the students presented, we discussed their risk maps and the choices they made.

Group one risk map for a water purification plant

Although we may not agree with the students’ risk map, the exercise stretches IT students to think “outside the box.”

Enhanced by Zemanta

  • 0

Covert Affairs Gets It (mostly) Right

Category:Information Security,Infosec Communicator,Risk Tags : 
Artist's conception of a WGS satellite in orbit
Image via Wikipedia

When television and movies use information security as their storyline, they typically pass up accuracy for the sake of drama. I was pleasantly surprised when a recent episode of Covert Affairs actually got the information security content mostly right.

In the episode in question, the character Natasha plays a freelance hacker who was employed by Russian organized crime to develop malware. Natasha demonstrates a successful hack that immobilizes a communications satellite and most computer-controlled infrastructure such as phones, television, traffic lights, etc. Although the ability to create a hack that could accomplish all of these goals is a bit of a stretch, Covert Affairs got some things right.

Organized crime and freelance hackers

When I first began working in information security several years ago I was told by a co-worker that organized crime was responsible for much of the malware developed today. I was very surprised as I had not thought about how malware attacks might be funded. Organized crime does hire freelance hackers to develop malware, although the most common purpose is to aid in identity theft. Although the hack demonstrated in the episode is something you might expect to see in a cyber attack and is not as common as that developed for identity theft, there have been computer attacks on infrastructure in Estonia and Georgia, and the United States certainly attempted to paralyze the infrastructure of Iraq before Desert Storm. In 2010, the United States Cyber Command was announced.

Using computer code in a way that it’s possible to identify the author

Security experts do examine some hacks to try to determine its author, especially if its a severe attack. Check out this article in Wired Magazine “Pentagon Searches for ‘Digital DNA’ to Identify Hackers” (https://www.wired.com)

Kudos to Covert Affairs for making an effort to get the technical details correct.

Enhanced by Zemanta

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,234 other subscribers

Categories

Support Introverted Leadership on Patreon

Blubrry affiliate banner