|
The Security Community’s Power Comes From Sharing
by Ben Chai |
|
Back in the 1970s and 1980s there was a saying “knowledge is power.” Unfortunately back then it actually translated into “with-holding knowledge” is power. Working as an administrator for one of the first IBM PC vendors in the early 1980s was an experience. My boss said it had taken him a year to learn to configure a PC and refused to show me how to do it “because it was so hard,” and our support guys would withhold basic configuration information such as a printer cables requiring male to female pins.
As an ambitious young executive with a degree in computer science, I would spend until 2 am n the morning learning about all the company’s software packages and hardware and pretty soon got fed up with the with-holding knowledge’ culture of that era and decided that I would try and teach everyone all this “IT and security stuff.” Soon customers were asking for the guy in administration and purchasing to help.
The New Knowledge is Power
Fast forward three decades on and we see that the phrase “Knowledge is Power” has come to mean the exact opposite to the 70s and 80s where the new generation is determined to give away as much knowledge to anyone who wants it. People who withhold knowledge by “talking techie” or having abominable social skills are bypassed in promotion or hidden away in the bowels of the corporation.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Optimizing Managed Service Delivery With Secure Application Acceleration
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
What has this got to do with security? Everything. In order to develop a worldwide security posture against cyber crime, security professionals at all levels need to network and share intelligence. If one company is compromised by an attack, then others will also be compromised by the same attack vectors.
One of our most read articles is a step by step article on how to compromise SSL-VPN and e-commerce websites. The article was submitted by First Base Technologies, an ethical hacking company. Computer Weekly verified the article had been around for several months but not in a detailed step by step format. The latest details on other SSL-VPN weaknesses were advised on by members of the community.
As a result of sharing by security professionals, the SSL-VPN article was transformed into something better suited to serving the community.
Networking in The Security Community
Networking in the security community, giving away and helping others bolster their organisational stance, makes the world a securer place. One of the best pieces of advice that Team Cymru (a non-profit organisation dedicated to making the Internet a safer place) is to get involved in the security community.
There are many “Chatham House” rules environments where security professionals can share information securely. Three that I have had the privilege of working in include:-
Security Vibes - an online community for CISO/CSO/CIO level security managers
www.first.org – Forum of Incident Response and Security Teams
Global CEP, A community where senior executives discuss risk based issues.
No matter how clever you are, your organization is insecure, if you’re in security and not networking.
Tags: security community, SSL-VPN
This entry was posted on Thursday, August 20th, 2009 at 11:32 AM and is filed under Community Manager, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Comments
-
hawk says: Through the eighties and part of the nineties I sold networks and worked with designers to try to shift systems paradigms. Even when the decision came from top-down to do so, structural issues dragged and crushed some systems and some organizations. I believe some of it still exists, though in segregated corridors, especially entrenched bureaucracies. The word “Proprietary” was pervasive in many ways; the question is, what to do about it, Today, when you find it?
Like or Dislike:
0 
0
|
| Our New Offices... Our offices recently underwent a redesign of its own. Here are some photos of our new digs.... How To Find Your Next Job Using Social Media I'm attending the next WebGuild Event on an interesting topic about yet another means for tapping into your social network: How To Find Your Next Job Using Social Media. The event is on Tuesday, August 17, 2010 from 6-9:00 PM... POLL: Treatment of Link Tips Versus Standard Links We've been working on better differentiating on our site standard hyperlinks from link tips which render a popup callout bubble. What's your vote? QUESTION 1: Option 1: Do you prefer the 'help' cursor onmouseover for link tips? Option 2: Or... |
|
| PayPal UK Launch Security Key - Guest Posting from PayPal I am happy to say they are using VeriSign Identity Protection to deliver this, which means that PayPal Customers will be able to use their token at other sites who join the VIP network. PayPal are the first UK members of the network, but there are around 30 other members in different countries around the world so you can expect to see more places where you can use your token in the UK appearing shortly. Facebook scam - Part 2 This just in from the BBC web site, Symantec have identified a virus that steals user names and passwords, nothing new there. But, if I understand this right, it is delivered through a Facebook invitation from someone you don't know and delivers malware which can then steal user names / passwords and also keylog credit card info. Survey finds passwords are not secure - well d'uh! I don't think the vendor community has been crying wolf about the problems that stronger authentication solves, more like highlighting that this problem is here and growing. Well the discussion I have had recently with many different organisations across many different industries are now resulting in more and more consumer projects in this area |
|
| Cloud Identity, Trust and the Liability Elephant. I have been involved with a couple similar initiatives around certification for identity and thought it would be interesting to explain the logic behind these efforts. The first initiative is led by the Open Identity Exchange and is based on... Greek Heroes, Facebook and Trust When Achilles was a baby, the oracle predicted that he would die in battle from an arrow. Thetis, Achilles' mother who did not want her son to die decided to dip Achilles' body into the water of a river that... PCI for the Cloud For most enterprise and security vendors, the cloud is fascinating both as a technology and a business disruptor. In fact, SAAS CEOs such as Successfactor, SalesForce and NetSuite are hot shots in Silicon Valley these days. Yet, most of us... |
|
