Security Bloggers Network

April 24, 2009

RSA 2009 and my Dual Personalities

I promise this is the last post (for a while) before I get back to my regularly scheduled technical content. For a security blogger a retrospective RSA post is almost a requirement so you have to excuse me while I do my duty :)

The theme of the show this year was Collabration (as opposed to the Consolidation theme of years past). This theme couldn't have been more fitting for me as I have begun a new chapter of my own personal collaboration and so has my employer. My experience was much different this time around. Last year I went as a delegate, I audited sessions and crept back to the hotel to ponder what I had learned. This year couldn't have been more different, and mainly because I was fulfilling two new roles. There was Vendor Me (i.e. Booth Babe) and Blogger Me. I audited a record low number of sessions because Vendor Me was busier than I could have imagined. I also had little time to absorb anything because Blogger Me was constantly on the go when I was not at the booth.

First I'll expand on Vendor Me, which I try to keep to a minimum in these writings. My employing company, Third Brigade had some big announcements this week. First off we were announced as part of QualysGuard PCI Connect. Our logo was displayed proudly on the Qualys booth and we are happy to be working with them to fufill PCI-DSS needs. Secondly we were featured in Trend Micro's exciting new launch of OfficeScan 10 among other offerings. I had the immense pleasure of meeting Eva Chen the CEO of Trend Micro at the launch party. We also announced our first Virtual Appliance using the VMsafe-NET API to do IDS/IPS and packet filtration at the Hypervisor level. This is a project I have been heavily involved with and it was great to be able to show it off at a time when VMware just launched vSphere 4. The interest in this new way to deploy security was overwhelming. Finally to top of an excellent week, eWeek named us one of the 10 most interesting products at RSA, which is an extreme honor given the number and quality of vendors on the show floor.

So that's enough about Vendor Me, Blogger Me was delighted to be taken under the wing of none other than Ben Tomhave from The Falcon's View, whom I have been following for a long time. On the very first pre-night Ben, Erin (Security Barbie) & I hung out at the W and I met Dan Kaminsky (of DNSSEC fame). On Wednesday night I attended the Security Bloggers meetup (Photos) and awards show. I met so many of the bloggers, writers and podcasters I have been reading and listening to for years. I had the pleasure of meeting Andrew Hay, Alan Murphy, Christofer Hoff, Martin McKeay, Ira Winkler, Jack Daniel, Jennifer Jabbusch, Jennifer Leggio and so many more I can't even count. After a late night of many parties Ben and I had met so many movers and shakers in Information Security. The universal constant is that these people are extremely intelligent individuals with a passion for security they can't help but share.

The sessions I was able to attend were, for the most part top notch. I particularly enjoyed watching Simon Crosby of Citrix and Stephen Herrod of VMware debate the merits of security API's embedded in the Hypervisor (in which I had my first taste of live twittering). Anton Chuvakin and the panel on logging standards were also very informative. I heard a lot of negativity about the attendance and quality of the keynotes, but for me and many others the positive aspects far outweighed the negatives. RSA is a dycodimey, there are good aspects and bad but it's also what you make of it. Some are there to network, some to audit sessions, others to learn more about the vendors. Its true value is compressing all of these minds and companies down to a couple of blocks in San Francisco for a week, transforming normally geographically challenged communications into a mecca of exponentially accelerated learning, networking, and partnering. For me it was a life changing week that I won't soon forget. 

At four o'clock on Thursday the expo hall closed. An annoying voice boomed over the intercom that the show was over and it was time to pack up and go home. A cheer arose from the exhibitors that were the remaining hall occupants. At first I thought this was simple relief for those that had been on their feet for the past four days, but then I realized it wasn't just that. We had all been there and accomplished much. We were applauding each other for a job well done. We had all played a part in bringing the security world to this patch of ground, therefore personifying the very Collaboration the keynote had encouraged.

Posted by justin_foster on April 24, 2009 at 10:23 AM in Qualys, RSA, Security Bloggers Network, Third Brigade, Trend Micro, VMsafe | | Comments (1) | TrackBack (0)

|

April 11, 2009

Social Security

For my 10th post I thought I would chronicle the amazing experience I have had launching this blog and becoming a more active member of the information security community.

Alan Shimel coined the term 'Social Security' and despite its unfortunate overlap with benefits for the retired and disabled, it really fits. To me 'Social Security' is the act of sharing information security knowledge for the common good. The 200+ bloggers of the Security Bloggers Network give freely of their time and knowledge and many of them have to do so outside of normal work hours in order to keep their posts free of sales pitches ;) Many of the same bloggers are highly accessible on another great tool of the Social Security space, Twitter. Specifically the ever growing list of Security Twits carefully maintained by @quine who's members are a fountain of information.

One month ago today I launched my blog, Developing Security. I'm a Software Architect and I wanted to share my experiences developing (secure) security software. Alan Shimel was gracious enough to add me to SBN providing for an instant readership (and of course, pressure!). I also joined Twitter at the same time and followed many of the members of the Security Twits list. One of the people who noticed that I followed him was Rafal Los. He was setting up an OWASP tour and noticed that my location was on the stop. He asked me if I was aware of the event and going to attend. Long story short, I ended up being involved hosting the meeting and got a great opportunity to meet Raf. Had it not be for Twitter and 'Social Security' that's likely the first of many opportunities that would have passed me by.

Every day, the power of Twitter really continues to surprise me. Once I asked about Javascript exploits (one of my favorite topics) and within a minute I was pointed down another direction that aided my research. Another time I complained about the excessive sound effects on the OWASP podcast and Jim Manicode, who produces the podcast, saw this. After an email exchange Jim agreed with my opinion, and now the latest podcasts aren't loaded with effects. Would I have complained before Twitter? Likely not. By following the Security Twits I have discovered so many more podcasts, webcasts, groups and articles. Often this information appears on Twitter before you can find it on other sources. I've also been pleasantly surprised by the people who choose to tweet about blog posts I have written. The positive comments are really appreciated.

One month and 10 posts in, I'm really enjoying this new world. For anyone remotely thinking about starting an information security blog or joining the Security Twits, I would highly recommend it. Its definitely been a highly valuable excursion for me.


For the next couple of weeks I'll be on the road demonstrating Third Brigade's VMsafe-based Virtual Appliance. If you happen to be at the VMware Partner Exchange in Orlando (April 14 - 16), please drop by the vCloud pavilion. I've been working with a great team on our Virtual Appliance and it's exciting to get a chance to show it off. I'll be writing more about VMsafe and other efforts to apply security at the virtualization layer in the future. It's a project that I have been deeply involved with and it's very interesting subject matter.

The following week I'll be at RSA either at the sessions or at booth 538. I'm also really exited to be attending the Security Bloggers Meetup. These people are celebrities to me and I look forward to meeting them! If you would like to find me at RSA just message me on Twitter @justin_foster.

Posted by justin_foster on April 11, 2009 at 01:01 PM in Justin Foster, OWASP, RSA, Security Bloggers Network, Third Brigade, Twitter, Virtualization, VMsafe | | Comments (0) | TrackBack (0)

|

About

The views and opinions expressed on this blog are my own and in no way represent the views or opinions of my employer, Trend Micro.

 Subscribe in a reader

Archives

Twitter Updates

    follow me on Twitter
    Lijit Search
    Creative Commons License

    Copyright © 2010. This work is licensed under a Creative Commons Attribution 2.5 Generic License.

    Some images used with permission from istockphoto.com, clipart.com and sxc.hu subject to individual copyright.