Sunday, August 29, 2010

GE Looking for Business Response Team Leader

GE continues to hire security professionals to help reduce IT risk at our company. I should be posting additional jobs for my team (GE-CIRT) next month, but right now my boss (our CISO) asked me to help find a Business Response Team (BRT) Leader for our Corporate entity. Visit www.ge.com/careers and search for job 1251700 to find the role. From the summary:

The Business Response Team (BRT) Leader is responsible for working with business peers and the GE Computer Incident Response Team (GE-CIRT) to better protect GE Corporate from digital intruders. The BRT Leader limits and assesses the damage caused by digital intruders, evaluates the posture and configuration of business computers, provides direct security support to business initiatives, and works to improve the security of the business.

This role is in Connecticut in order to be close to our HQ.

Monday, August 23, 2010

Bejtlich on Silver Bullet Podcast

Gary McGraw was kind enough to interview me for his Silver Bullet Podcast. Gary is a real pro; he does his homework. After describing the interview process to my wife, she thought Gary's approach sounded like James Lipton and Inside the Actor's Studio! We talked about a lot of subjects and Gary tailored his questions to relate to my incident detection and response duties and relations to software security.

Review of Least Privilege Security Posted


Amazon.com just posted my four star review of Least Privilege Security for Windows 7, Vista and XP by Russell Smith. From the review:

Russell Smith's Least Privilege Security for Windows 7, Vista, and XP (LPS) is a helpful contribution to the toolbox of many enterprise system administrators. Numerous organizations are finally realizing that the Internet is too hostile an environment to let normal users function with elevated privileges. Although by no means a panacea for preventing intrusions, users operating with least privilege are somewhat more able to resist some attack vectors. Beyond resisting attacks, users operating with least privilege are more likely to meet organizational rules. Thanks to LPS, administrators running Windows 7, Vista, and XP can apply the author's lessons and guidance to their own environment.

Bejtlich Teaching at Black Hat Abu Dhabi 2010

The teaser page for Black Hat Abu Dhabi 2010 is now live, and I am pleased to announce that I will teach TCP/IP Weapons School 2.0 there on 8-9 November. Preregistration appears to be available. This will truly be the last edition of TWS version 2.0. I have been in contact with experts from the United Arab Emirates Computer Emergency Response Team (aeCERT) and I hope to have students from the region participate in my class.

For those interested in TWS 2.0 but not familiar with it, I described the class in this blog post titled Sample Lab from TCP/IP Weapons School 2.0.

I described differences between my class and SANS in this post.

I am also developing version 3.0 for Black Hat DC 2011 in January. When I have details on that class I will post them here.

Sunday, August 22, 2010

Review of IT Security Metrics Posted

Amazon.com just published my five star review of IT Security Metrics by Lance Hayden. From the review:

I was not sure what to expect as I started reading IT Security Metrics (ISM). I had just discarded another new book, published in July 2010, supposedly about security metrics but really about nothing useful to anyone anchored in the operational IT world. Would ISM be another disappointment? Since Andrew Jaquith published Security Metrics in 2007, no other book had appeared to help security professionals measure their worlds. Thankfully, I can strongly recommend Lance Hayden's ISM as a very strong contributor to the discussion on security metrics. ISM's subtitle, "A Practical Framework for Measuring Security & Protecting Data," really does explain the purpose and value of this great new book.

Review of Practical Lock Picking Posted

Amazon.com just posted my five star review of Practical Lock Picking by Deviant Ollam. From the review:

Practical Lock Picking (PLP) is an awesome book. I don't provide physical testing services, but as a security professional familiar with Deviant's reputation I was curious to read PLP. Not only is PLP an incredible resource, it should also serve as a model text for others who want to write a good book. First, although the book is less than 250 pages, it is very reasonably priced. Second, Deviant wastes NO space. There is no filler material, background found in other readily available texts, reprinted Web site content, etc. Third, the writing is exceptionally clear and methodical, with extreme attention to detail and a master's approach to educating the reader. Finally, the diagrams, pictures, and figures are superb. When necessary they convey the most subtle elements of lock or key design, and they are the appropriate size and clarity. Overall, this book is helpful for those wishing to pick locks AND those who want to know how to write a good book.

Saturday, August 21, 2010

Consider Reading Network Flow Analysis

If I could write an Amazon.com book review of Network Flow Analysis by Michael W Lucas, I would give it five stars. Why won't I? The reason is that Michael asked me to be the technical reviewer for the book, and I don't feel comfortable publishing a review when I am potentially identified with the content. Michael did such an awesome job writing his newest book that my tech edit was fairly easy. However, I would prefer to say a few words on my blog rather than assign stars at Amazon.com.

(Note: for those of you who do some research and find my review of the excellent Linux Firewalls by Michael Rash, you'll see I issued a disclaimer that I wrote the foreword. I felt that writing a foreword is different than tech editing, because a tech editor is partially responsible for the content of the entire book. A foreword author is more or less writing an endorsement, like a review that's published in the book itself. You may not agree with this differentiation -- it's up to you.)

Why do I like Network Flow Analysis? As I've said before, Michael W Lucas is probably my favorite technical author. He is complete, accurate, and entertaining like no one else. He has an uncanny ability to know what the reader needs to accomplish a technical task. I consider many of his books the definitive works in their fields. With Network Flow Analysis, Michael teaches readers how to implement a NetFlow-based monitoring architecture using open source tools and code. He focuses on using Flow-Tools for analysis and Softflowd for capture when NetFlow export is unavailable or undesirable. He adds other tools and approaches when needed, including visualization with Gnuplot. I found that section to be interesting because he provides background on using Gnuplot before enlisting its help with flow data. Michael also provides conversion mechanisms for devices exporting NetFlow v9.

If you want to implement a NetFlow-based instrumentation architecture using open source, or perhaps integrate various platforms into a commercial analysis engine, Network Flow Analysis is the book for you.