Wednesday Jul 30

Calling Bull$#** on Women in Infosec

Tuesday, 25 February 2014 10:11

Okay folks, I’m tired of hearing about “women in infosec” in its current topical form. I’ve stayed miles away from this topic for years, but now I’m going to speak up. And, to start the conversation, I call BULLSHIT. Not on the notion that we need more women in infosec, but on the methods, the justification and the explanation of why (or lack thereof). Hang tight for that one – the why – that’s coming in my next post.

JJ’s Sessions at RSA 2014- NAC, Mindfulness, Snowden and more

Friday, 21 February 2014 11:20

Hey everyone, I know I’m a little behind getting my RSA Conference updates out, but, well, s#!7 happens! I hope you’ll accept my better-late-than-never post letting you know where I’ll be during this year’s RSA festivities. This year, be sure to check out the Neuro-hacking 101 session I’m presenting with Mike Rothman. I think it’s safe to say it’s one of the first (if not the only) of its kind for an infosec conference. Also, be sure to catch this year’s NAC P2P session. It always fills up quickly and this year we have a new twist.

Calling All Infosec Curmudgeons at RSA

Friday, 21 February 2014 10:33

Well, that time is finally here, and in just a few days, Mike Rothman and I will be taking the stage at RSA 2014, in a room that seats 520 attendees, to discuss a topic never before broached at a security conference. That’s 520 hearts and minds we have the opportunity to influence, but our goals aren’t so lofty. If we can open up just a handful of minds, that would be an amazingly gratifying experience. In fact, if the information we offer reaches just ONE of our infosec colleagues and offers him or her a better life, well then, we’ll mark it as a success!

Realizing the descriptions provided in the booklets, and even online, are minimalist, (I guess that’s what’s expected at an event with 25+ tracks, hundreds of speakers and thousands of sessions) we thought you might like to know a little more about our strange little session on neurohacking and mindfulness. Specifically, we’ve received several questions about the appropriate colors of crystals to bring, and whether there will be Tarot cards available at the door. As it turns out, you guys are really funny, but there are no crystals or Tarot cards. Good one, though; that was very clever.

JJ’s Complete Unofficial (ISC)2 Voter Guidebook

Saturday, 16 November 2013 01:01

My friends, I’ve posted a lot of content about the ISC2 elections. Here’s a central reference point to reach all that content in an organized fashion. Remember, voting is open from November 16th through November 30th (specifically 5pm Eastern US).

Your ISC2 Election Write-In Guide

Saturday, 16 November 2013 12:31

As part of my Complete Unofficial Guide to ISC2 Elections, I’m offering you detailed instructions and a single reference point for all your write-in needs.


Wireless

Why more APs aren’t always better
Lately, I’ve been forced to dispel a volume of wireless myths, both in the way of technology and vendors. I’m not sure if it’s a full moon, or some other astrological occurrence, but it’s gotten a little crazy recently. So, I thought I’d take a few blog posts to address some wireless myths, in brief, to keep in the back of your head as you explore wireless solutions and upgrades in your environment. Here’s a thought on why more APs aren’t always better.
The Best Damn 802.11ac Channel Allocation Graphics, Ever
As I was writing a series of wireless articles recently, I searched for graphics. I wanted a graphic that could show the 802.11 5GHz channels, clearly denote DFS frequencies while correctly noting the Doppler-avoidance rules, visually show channel width options and also include the newly-added 802.11ac channel. My requirements for this graphic were apparently too demanding.
What’s missing from mobile security? RSA Juniper Session Recap
RSA Report. RSA 2011 Sponsor Showcase Track Session: Defend Your Mobile Life
Smoke and Mirrors? The Upcoming Defcon WPA2 Crack
Okay folks. A lot of people have asked me about this over the past two days, so here’s my response on the WPA2 vulnerability that’s to be announced at BlackHat and Defcon next week.

Other Stuff

Securing Multiple Device Auth on 802.1X
Part II of the Clearing Up 802.1X Series: Securing Multiple Device Authentication on 802.1X. VLANs and Multiple Device Authentication: I always say the road to insecurity is paved with good intentions, and implementations of 802.1X are some of the best examples. I find folks tend to be so excited if-and-when they get 802.1X working, that they don’t bother to put it through the wringer and see what’s actually happening on the switch once it’s working.
Join me for the online P2P chat on BYOD this Thursday (RSA Conference Online)
This Thursday, March 15th, I’ll be hosting the RSA Conference Online Peer2Peer chat session on BYOD, “Doubts, Dread and Decisions: Dealing with BYOD in the Enterprise”. The live P2P session at RSA was full 15 minutes before we started! If you missed that session, or couldn’t attend RSA, this is your opportunity to participate with your peers. Registration is free and open to the public.