Thursday Apr 17

Calling Bull$#** on Women in Infosec

Tuesday, 25 February 2014 10:11

Calling Bull$#** on Women in Infosec

Okay folks, I’m tired of hearing about “women in infosec” in its current topical form. I’ve stayed miles away from this topic for years, but now I’m going to speak up. And, to start the conversation, I call BULLSHIT. Not on the notion that we need more women in infosec, but on the methods, the justification and the explanation of why (or, lack thereof).  Hang tight for that one – the why – that’s coming in my next post.

Read more: Calling Bull$#** on Women in Infosec

JJ’s Sessions at RSA 2014- NAC, Mindfulness, Snowden and more

Friday, 21 February 2014 11:20

JJ’s Sessions at RSA 2014- NAC, Mindfulness, Snowden and more

Hey everyone, I know I’m a little behind getting my RSA Conference updates out, but, well, s#!7 happens! I hope you’ll accept my better-late-than-never post letting you know where I’ll be during this year’s RSA festivities. This year, be sure to check out the Neuro-hacking 101 session I’m presenting with Mike Rothman. I think it’s safe to say it’s one of the first (if not the only) of it’s kind for an infosec conference. Also, be sure to catch this year’s NAC P2P session. It always fill up quickly and this year we have a new twist.

Read more: JJ’s Sessions at RSA 2014- NAC, Mindfulness, Snowden and more

Calling All Infosec Curmudgeons at RSA

Friday, 21 February 2014 10:33

Calling All Infosec Curmudgeons at RSA

Well, that time is finally here, and in just a few days, Mike Rothman and I will be taking the stage at RSA 2014, in a room that seats 520 attendees, to discuss a topic never before breached at a security conference thus far. That’s 520 hearts and minds we have the opportunity to influence, but our goals aren’t so lofty. If we can open up just a handful of minds, that would be an amazingly gratifying experience. In fact, if the information we offer reaches just ONE of our infosec colleagues and offers a him or her a better life, well then, we’ll mark it as a success!

Realizing the descriptions provided in the booklets, and even online, are minimalist, (I guess that’s what’s expected at an event with 25+ tracks, hundreds of speakers and thousands of sessions) we thought you might like to know a little more about our strange little session on neurohacking and mindfulness. Specifically, we’ve received several questions about the appropriate colors of crystals to bring, and whether there will be Tarot cards available at the door. As it turns out, you guys are really funny, but there are no crystals or Tarot cards. Good one, though; that was very clever.

Read more: Calling All Infosec Curmudgeons at RSA

JJ’s Complete Unofficial (ISC)2 Voter Guidebook

Saturday, 16 November 2013 01:01

JJ’s Complete Unofficial (ISC)2 Voter Guidebook

My friends, I’ve posted a lot of content about the ISC2 elections. Here’s a central reference point to reach all that content in an organized fashion. Remember, voting is open from November 16th through November 30th (specifically 5pm Eastern US).

Read more: JJ’s Complete Unofficial (ISC)2 Voter Guidebook

Your ISC2 Election Write-In Guide

Saturday, 16 November 2013 12:31

Your ISC2 Election Write-In Guide

As part of my Complete Unofficial Guide to ISC2 Elections, I’m offering you detailed instructions and a single reference point for all your write-in needs.

Read more: Your ISC2 Election Write-In Guide

Wireless

Smoke and Mirrors? The Upcoming Defcon WPA2 Crack
Smoke and Mirrors? The Upcoming Defcon WPA2 Crack
Share
Okay folks. A lot of people have asked me about this over the past two days, so here’s my response on the WPA2 vulnerability that’s to be announced at BlackHat and Defcon next week.
More
Listen to our PCI Wireless Podcast
Listen to our PCI Wireless Podcast
Share
Immediately after landing in Las Vegas for Black Hat and Defcon, I (literally) gathered my luggage and ran to the hotel to check in and hop on the StillSecureAfterAllTheseYears (SSAATY) Podcast with some of my favorite trouble-making colleagues for throw my two cents in on the PCI Wireless Podcast.
More
The Aruba – AirWave ‘Merger’
The Aruba – AirWave ‘Merger’
Share
After last week’s announcement of the Aruba-AirWave merger, many are asking what’s in store for the newly-acquired AirWave. I mean… merged. (This word tends to bring to mind a really big tail and a really small dog).
More
WEP Sucks, so Why are You Using It?
WEP Sucks, so Why are You Using It?
Share
We all know it… we all talk about… we all say how ‘bad’ it is. Yes, we know WEP SUCKS – so why are you still using it? Yes- I’m talking to YOU!
More

Other Stuff

Juniper Switches: Refrigerator Art?
Share
I’ve been reading, listening and collecting my thoughts on Juniper’s latest addition to their happy hardware family and I’ve reached a few conclusions. I’d have to give it all a B+… for Blown, way out of proportion (that’s the + part). More
Analysis after the demo: Hole 196 and the WPA2 vulnerability
Share
You guys asked me to break out this information instead of posting as comments on the original post. Here is more updated information on the WPA2 Hole 196 vulnerability now that AirTight has given the demo at BlackHat/Defcon. More