Friday Feb 23

It’s (ISC)2 Election Time: Let’s make CISSP great again, or #notmycissp

Monday, 14 November 2016 10:08

Friends, the memes have started. “Let’s make CISSP great again” is peppering my thread along with snarky hashtags such as #notmycissp. I admit, I love the humour and fun and the little bit of tongue-in-cheek poking and harassing that comes along with the annual (ISC)2 elections. In fact, I fully expect to hear reports that Harambe had a successful petition. I want to share a few important fundamental thoughts on the Board, and the elections.

Each year for the past several years I’ve climbed the mountain tops and rooftops and, in my best and most boisterous cheerleader voice, I’ve made the call to vote and urged everyone to do a little research and a lot of voting.

Well, this year I’m back on the ballot. More on that in a moment. First I want to tell you why voting is important, what your participation affects, and then in a separate post I’ll talk about me and my goals as a candidate.

Serving these last few years, I’ve had some personal goals in my head — goals related to number of members voting and other engagement. This year is no different, and even if you’re not voting for me, I urge you to vote and help move this needle!

Let’s take a stroll down the important fundamental elements. What you’re about to read are my words and my opinions only and do not in any way represent the opinions of other Board members or anyone affiliated with (ISC)2.

What board members do

Corporate Governance: Board members determine policies, develop procedures, and provide strategic direction for the organization. This is taken right off the (ISC)2 website. Note that it said “provide strategic direction”; that’s important for a later discussion.

What board members *don’t* do

Board members do not participate in the daily operations or even daily oversight of management. The Board does not tell the organization’s management team how to do their job, nor does it advise on tactical items. The Board has one employee, and one employee only, and that’s the CEO of (ISC)2. The CEO then executes the strategy as directed by the Board. The Board does not have any oversight of the Advisory Committees, Chapters, or any partnerships by the organization.

You and the organization want Board members who have:

  • Leadership experience
  • Proven record directing strategic programs in an enterprise
  • Experience in managing companies, departments, business units, finances, and/or teams
  • Earned respect and trust of peers
  • Advanced the field of information security
  • The ability to listen, analyze, think clearly and creatively
  • A sense of honesty, sensitivity, and tolerance of differing views
  • An even stronger sense of humour

Commitments from Board members

In the past few years, we’ve seen a lot of people talk a good game, and then fail to produce. Hell, honestly some of them have been my friends, and for brief flickers of time I have fallen victim to the hurricane of life and the inevitable failure that accompanies juggling 60+ hours of work along with 20+ hours of volunteering for weeks on end. As you vote, look for people who have the willingness to roll up their sleeves and get dirty in order to get things done. Look for people who will ask questions, take responsibility and follow through on tasks. And for the love of S’mores (it’s the only way I’ll eat marshmallows), please make sure who you vote for has competency in at least some business/department/people management and can participate in those conversations and read a financial statement.

TL;DR? My thoughts in 3 bullets.

  1. Please vote, and make it count
  2. Know what the Board does (and doesn’t do)
  3. Research and vote for candidates that will help drive strategy

Those are my thoughts for today. Below are some additional ‘official’ resources.

  • Official Election Forum on LinkedIn
    https://www.linkedin.com/groups/12017541
  • Board Election Slate 2016
    https://www.isc2.org/board-election-process/default.aspx
  • Board FAQs
    https://www.isc2.org/board-of-directors-faqs/default.aspx
  • Board Election Process
    https://www.isc2.org/board-slate/default.aspx

###

The Official RSA Conference Guide by Industry’s Top Snarkers

Friday, 27 March 2015 07:03

Sure, sure — you can check out the voluminous agenda and event catalogs detailing what you’ll find at RSA this year. But to get the real scoop on “where the world talks security”, you need an insider’s view, and the most accurate, full-featured, and entertaining take on the world’s largest security conference comes from us. Head over to the RSA Conference Blog site and soak in all the blogs you can find from the Securosis Team.

I’m delighted and honored to join my colleagues in contributing to this year’s conference Official (Unofficial) RSA Conference Guide. Like Rich said, I still can’t believe RSA gave us a mile-long leash; I’m looking around in disbelief, waiting for posts to disappear from the site.

InfoSec World- Best, Worst and Common Practices for Securing Enterprise WiFi

Monday, 23 March 2015 12:00

The afternoon of Monday, March 23rd at InfoSec World in Orlando, I’ll be giving a talk in the mobile track titled “Best, Worst and Common Practices for Securing Enterprise WiFi”. Since the event site doesn’t post the full abstract, I figured I’d share it here for you, and I’ll tweet the crap out of it so you can find it.

Your Favorite Speakers at Infosec World 2015

Sunday, 15 March 2015 10:45

Okay, in full disclosure this probably isn’t going to be a list of YOUR favorite speakers, but it’s a list of some friends, colleagues, and mentors you don’t want to miss at this year’s Infosec World.

A key to the session ID codes is below, and my favorite schedule format is their at-a-glance you can get here http://www.infosec-world.com/OS15_Grid_for_Web.pdf. Infosec World 2015 is March 23-25 at Disney’s Contemporary Resort in Orlando, FL.

In no particular order… Oh, actually these are mostly alphabetical by last name. Deviant’s at the top because I wanted that handsome devil above the crease. That, and he’s doing an opening keynote.

Diana Kelley: 3 Books that Changed My Life

Saturday, 14 March 2015 08:52

In this series, I asked infosec professionals to name 3 books that changed their life. This entry features picks from Diana Kelley, an industry mover and shaker currently serving as an executive in IBM Security Systems.

If you looked at my profile and Diana’s side-by-side, you’d think we must run in the same circles – we’ve spoken at many of the same events, both serve as faculty at IANS, have written content for the same magazines. But the truth is I didn’t “find” Diana until some time last year, and it was purely by chance. She’s one of those extremely level-headed, fun, and energetic people that just has a magnetism you can’t resist and she’s a pure bottomless pit of positive professional energy. Going in to 2015, I look forward to connecting more with Diana. You can too, through the links at the bottom of this post.

Wireless

Listen to our PCI Wireless Podcast

Immediately after landing in Las Vegas for Black Hat and Defcon, I (literally) gathered my luggage and ran to the hotel to check in and hop on the StillSecureAfterAllTheseYears (SSAATY) Podcast with some of my favorite trouble-making colleagues to throw my two cents in on the PCI Wireless Podcast.

The Best Damn 802.11ac Channel Allocation Graphics, Ever

As I was writing a series of wireless articles recently, I searched for graphics. I wanted a graphic that could show the 802.11 5GHz channels, clearly denote DFS frequencies while correctly noting the Doppler-avoidance rules, visually show channel width options and also include the newly-added 802.11ac channel. My requirements for this graphic were apparently too demanding.

JJ’s RSA Session: Jumping Wireless Hurdles in the Enterprise

Hi everyone, Long time, no blog. I know. But, I wanted to let you know I’ll be at RSA this week. Just in case you didn’t dig through the hundreds of sessions at RSA and realize I’d be hosting a Peer2Peer, here’s the info for you!

WEP Sucks, so Why are You Using It?

We all know it… we all talk about… we all say how ‘bad’ it is. Yes, we know WEP SUCKS – so why are you still using it? Yes- I’m talking to YOU!

Other Stuff

Juniper Switches: Refrigerator Art?

I’ve been reading, listening and collecting my thoughts on Juniper’s latest addition to their happy hardware family and I’ve reached a few conclusions. I’d have to give it all a B+… for Blown, way out of proportion (that’s the + part).

Analysis after the demo: Hole 196 and the WPA2 vulnerability

You guys asked me to break out this information instead of posting as comments on the original post. Here is more updated information on the WPA2 Hole 196 vulnerability now that AirTight has given the demo at BlackHat/Defcon.
