Posts Tagged ‘security’

Oh, did you think I was a recruiter?
Last Updated on Thursday, 6 August 2009 04:58
Written by jj
Wednesday, August 5th, 2009

Over the past several weeks, I have received an INORDINATE amount of emails, blog contacts, Facebook and LinkedIn messages from eager IT beavers seeking out new opportunities for employment.

I’ve been receiving these pleas from people I do not know. Perhaps it’s due to my involvement in ISSA or other professional organizations. So… did you think I was a recruiter? Does CISO now stand for Career Information and Search Organizer? Who knows.

Get IT Security Career Advice
Now, most of you that know me know I’ll gladly help whenever I can and pass along any contacts, tips and resources – some of my favorites being those from L.J. Kushner and Associates. You can find Kushner and Associates at their site there and read great advice on the Information Security Leaders site, run by Lee Kushner and Mike Murray, both extremely well connected and effective professionals. If you’re a Twit, find blog tweets at @LJKush or follow Mike at @mmurray.

On a much less serious note, I thought I’d post a fun little show and tell here.

Looking to Hire a Security Pro?
Your Friendly Job Placement Person (that’s me evidently) has qualified candidates seeking opportunities in a variety of IT security fields, including:

  • Log Management, Data Analysis and Data Visualization
  • Audit and Compliance Security Assessors
  • Audit and Compliance Policy Review Professionals
  • Firewall, IDS/IPS Systems Administrators
  • PHP and Application Programmer
  • Communications and PR Managers
  • Network Security SE Managers <- no, not me
  • We have two candidates seeking positions as astronauts
  • One candidate seeking a part-time position as a princess

I’m sure I’m missing a few people. Please feel free to add your candidate information below as ‘LOOKING’. Or, for organizations seeking candidates, please post a ‘SEEKING’ comment. You may post anonymously, but make sure there is valid contact information or direct people to a link containing the job listing if you’re using a recruiter. If you post something completely ridiculous and not serious, hopefully it is funny enough that readers know it’s a joke.

Some of the above positions are real; names have been changed to protect the innocent.

Become a Security Rockstar
If the resources on Kush’s and Murray’s sites are not enough, you can learn how to be a Security Rockstar from CyberWar CloudSec Master Luminary (and Virtual Social Media Expert) Chris Hoff by reading this recent post. If you’re an audial learner, you can listen to the Security Rockstar song here.

# # #

Posted under Industry Insider  |  6 Comments

The Problem with a Booming Industry in a Looming Economy
Last Updated on Friday, 26 December 2008 02:13
Written by jj
Friday, December 26th, 2008

As most of my readers know, the company I work for (you know, the day job) is what we call a VAR (value-added reseller). In addition to providing a line of products, we also provide services- integration, consulting and training.

We’re lucky. Or maybe I should say fortunate, for having positioned ourselves to be successful, even in a struggling economy. As I look around over the past few months, I’ve seen a plethora of friends and colleagues (at other companies) that have suffered the brunt of the blow- lost jobs, decreased benefits and dwindling retirement and savings. Businesses are closing, restructuring or cutting back, and it’s affecting everyone.

But our business– in the IT, and specifically the security industry– is strong. In fact, it’s thriving! We just recently almost doubled our full-time staff, adding more technicians, engineers and account reps to our core team. Great, right? Of course.

However, there’s a nasty little side effect that’s about to smack us all in the face.

In these times of struggling financial organizations, financing and credit are quickly morphing from a ‘given’ of business to a luxury that’s becoming harder to earn. Companies that could once float $1M deals through credit lines and distributor relationships are losing many of their finance options.

What does that mean? It means when your company sends in a $500k purchase order, your provider may not be able to process the order because they don’t have that much open credit available. Ultimately, it can mean delayed fulfillment, partial orders or not being able to process the order at all. Providers may resort to gray market items or ‘suspicious’ sources to fill orders they can’t process through normal channels.

Not a happy thought. This type of behaviour may force customers to revert to using ‘box pushers’ who frequently don’t have the expertise to help integrate the solutions or even specify the right products. It could ruin some smaller providers. And when the technology specialists out there go away, it puts a much greater strain on the manufacturer, who will then need to ready additional resources to supplement both the pre- and post-sales expertise that goes missing when their fair-haired ‘chosen few’ are sudden casualties of the economy.

It also means that special programs such as eRate for schools and libraries will suffer. The federal monies returned to the school actually go through the provider, or VAR. So, when a school places an eRate project order with a provider, the school usually pays the entire amount then waits for the federal eRate rebate to come back through, weeks or months later. If that provider is gone when the check comes back, the school will never lay eyes on it (or anything else for that matter).

Sad. Worse still, these funded projects are usually some of the largest dollar-wise. Who pays for it then? We all do… And eRate is just one example of a funded program; there are many others that could have the same fate, which is why it has always been imperative for the public sector to use providers and VARs with a proven longevity.

Like I said, we’re fortunate. We saw this coming and made arrangements early in anticipation of this domino effect of financial yuckiness about to fall upon us all. But I worry about others in the industry, partner companies who may fall victim to this credit crunch. A long wave of financing issues could change the face of the security VAR landscape, and not in a good way.

# # #

Posted under Industry Insider  |  Comments Off

Techie Travels- What Do YOU Look for in a Hotel Room?
Last Updated on Tuesday, 12 August 2008 04:54
Written by JJ
Tuesday, July 8th, 2008

I’m on the road… again. After some really great (and a few really crappy) hotel stays in the past few weeks, I started thinking about ‘what makes a good hotel’.

Recently I spent one week at a customer in a hotel where the staff obviously was hosting nightly parties down at my end of the hall- from about 2:00am – 5:30am each (yes- every) night I was there. The hotel I’m in tonight has no elevator. Yeah. @#$! That’s what I said. Twice in the past 10 days or so, I’ve been in really nice resort-hotels, so I’ve had the whole spectrum this month and last.

For me, sometimes it’s the little things… I really like it when hotels have conditioner, instead of just shampoo. I like space– so a nice work area is important to me. Of course a big soft bed and plenty-o-pillows is a key ingredient. A whirlpool or jetted tub (in the room) is icing on the cake. Exercise rooms are good, although half the time I’m too tired when traveling or have work to do (I know- excuses, excuses ;). Convenience is also a biggie- I had a run in Las Vegas where *every* room I had felt like it was a 10-minute walk just to the elevators. When I’m on-site for a customer, I also love the hotels with the do-it-yourself breakfast– I can go when I want and grab something before heading out for the day. I love the little lighted makeup mirrors… and of course a full-length for checking out the wardrobe. Plugs! I love lots of plugs. I like hotels that secure the outer doors early and require a key for access to various parts of the building.

Sometimes it’s the bigger things… Hotels with outside-facing doors make me paranoid, and obviously those in neighborhoods where your rims may disappear are not good either. I hate hotels that MAKE me valet park my car. It’s my car, my keys, I park it and I keep the keys- that’s my rule. (My Dad taught me a little trick of telling the valet boys that it’s a company car and against corporate policy for valet- it works!)

Traveling techies sometimes have unique needs or requests, and much of the ‘good list’ is universal for all traveler types.

So, those are some items from my little list… What about you- what do YOU look for in a good hotel?

# # #

Posted under Random-izations, Travel  |  7 Comments

Grande Theft Auto… What Was He Thinking?
Last Updated on Monday, 21 July 2008 11:37
Written by JJ
Thursday, July 3rd, 2008

Well, it didn’t happen to me- but here’s another J! True Security Story for you…

I went to the salon today to ‘get my nails did’ and was greeted with quite a ruckus. The entire staff is Vietnamese- no big surprise there- but the owners and most employees speak English extremely well and so everyone is always chit-chatting throughout the salon.

The wife side of the husband-wife team was especially giddy as she shared a little gem of a story with me today… and I didn’t feel I’d be doing you justice to keep it to myself. 

They (the salon staff) all live in one of the larger cities here in NC. One of their friends (a middle-aged guy) was out shopping Monday and was sitting in his car in a parking lot, either coming from or going to a store. A young girl (mid-20s) came up to his car and motioned to ask for use of his cell phone.

Now, at this point in the story, I could have told you the rest…

He opened the window a bit and the young lady asked to borrow his phone for a moment to call a family member. Turns out she had some car troubles and needed a ride. Being the nice gentleman that he is, he lent her the phone and she took a couple of steps away to make the call. Only… she didn’t stop. Evidently she got about 4 cars down the row before our chivalrous guy got out of the car and gave chase.

When he got in reach, she pushed him down to the ground and – yep – ran back to his car, phone still in hand… and drove away.

He now has no car and no phone. So, ironically enough, he then had to approach a stranger and politely ask for the use of their cell to phone home and let the group know he was bamboozled. A few tears were shed, but his wife assured him it would be fine and he shouldn’t be scared. (No, I’m not making that up).

I was giggling right along with her (and the guy’s wife, who happened to be there).

Moments later I thought to myself, “I hope that doesn’t happen to me!” Almost in the same instant I realized… it probably wouldn’t. I’ve been a bit of a paranoid freak since I was little, thanks probably in most part to having two ex-military intelligence parents. For all my life I’ve been raised with ‘the security mindset’ as Schneier refers to it.

Always suspicious… always calculating… always aware… and certainly never underestimating a situation.

And so then I had to muse… WHAT WAS HE THINKING leaving the car running and unlocked to go after the siren with the cell? For the sake of politeness, I kept my question to my ‘inside voice’, but I do have to wonder why you’d sacrifice the security of a vehicle for a $50 cell phone.

The moral of the story… There are two. 1) Involve someone with a ‘security mindset’ and 2) Your security is only as strong as your people. A sweet damsel in distress… social engineering at its finest…

# # #

Posted under J! True Stories  |  Comments Off

Symantec’s Network-Based NAC
Last Updated on Saturday, 28 January 2012 06:54
Written by JJ
Monday, June 30th, 2008

Yes, you read it right: Symantec (as in the software vendor) has a network-based (as in the hardware) NAC. Once you get over the title, keep reading.

If you read my blog, or know me, you probably know I do NOT like software (and it usually doesn’t like me). So, I’d be the first to jump on the ‘anti-software-peer-based-NAC’ train, but I think we have to be informed before we jump to conclusions and hop on any trains. (more…)

Posted under Industry Insider, NAC & 802.1X  |  2 Comments
