I hack Johnny Long

  As I said in my SecureWorld Atlanta Day 2 post I met Johnny Long today. He gave the Keynote talk today and was by far the best part of the event. He gave his "No Tech Hacking" talk and also talked a little about his new venture "Hackers for Charity" and explained what they do. After his talk I went to talk to him about a few things. I wanted to talk to him about his faith which is very much a part of who he is. I wanted to talk to him about "Hackers for Charity" and about "No Tech Hacking". We talked about the first two and had to cut it short before getting to the third topic. Of course the first two are the most important and made my few minutes with him well worth it.

I was a little familiar with "Hackers for Charity" but had never really checked into it. After hearing Johnny talk about it and seeing a few slides that he had I decided that I wanted to do something to support it. Right now I can't go to Africa but I can do a couple of other things. I'm going to buy a copy of Johnny's new book "No Tech Hacking". This will help because when you go to his site and click on the book link it takes you to Amazon and you can buy it there. Also when you do it this way all of the proceeds of the sale go to "Hackers for Charity" . The proceeds of the sale of just one book will feed a child for a month. Johnny isn't keeping any money from the sale of these books. So in addition to getting a good book I'll also be doing something to help the charity.

The next thing that I'm going to do is ask each of you to do a couple of things. Buy the book from Johnny's site and take a look at "Hackers for Charity" and see if there is anything else that you can do. Then tell all your friends about it and encourage them to do something.

Why am I making such a big deal about this? Not that I think that this is the greatest charity ever but because it is a charity that was started by a hacker and security professional. It's something that we as Security Pros can get involved with and make a real difference in the lives of kids and others. We all talk about wanting to make a difference in the world of security but that has limited impact. Changing lives is something that has lasting impact.

SecureWorld Atlanta 2008 Day 2

Day 2 at SecureWorld was much the same yet quiet different. It started off with a Atlanta InfraGard Chapter meeting. There was a report on "Emerging Threats" by an FBI analysts that was pretty good and then followed by a Panel discussion (I missed the topic) that never was. What I mean by that is that each of the panelists talked a little about who they are and what they do. Then the moderator asked if there were any questions. A lady asked a question about SMB security and the moderator opened it up to allow the audience to give input. That pretty much took the rest of the time.  I never did find out what the topic of the panel was because the panel was never given the chance to talk.

The morning Keynote was by far the highlight of the conference. The speaker was Johnny Long talking about his No Tech Hacking. Not only was it informative but it was also enjoyable. I'm going to talk more about this in a separate post.

After Johnny's Keynote I attended a talk about aligning your security program with business objectives. This is something that is easier said than done and I am looking for any good tips I can get. The reason I say it is easier said than done is because often you get lots of push back when you try to do security the right way. Too often Management is only concerned about compliance checkboxes and so they don't support efforts to align the security program with the business objectives. The biggest obstacle here is educating management. They often don't want to learn or change and it's our job to convince them otherwise.

The rest of the day was pretty decent. I attended a couple of talks that were OK but nothing earth shattering. I had to miss the last session (of course it was one that I really wanted to go to) because of a conference call that I had to join in on.

All in all the conference is worth the money. It's a $200 conference so don't expect too much but you get your moneys worth. I'll probably attend next year again since it's here in Atlanta and offers good opportunities to network, meet new people and learn a little. If you're in the Atlanta area you many want to look into it next year.

SecureWorld Atlanta 2008 Day 1

OK, so I'm a little late on my day one update. When I got home after day one I spent time with the family and then had some work to do. I was up until 1:00 am finishing a project plan that was due today.

This is my first SecureWorld Atlanta conference and wasn't sure exactly what to expect. I had looked over the conference schedule and knew from the length of the sessions and the titles that it wasn't going to be too technical. That's fine with me because I don't do much that is technical in my day to day work any  longer, but I do enjoy sitting in technical sessions to stay fresh and learn new things.

I attended a session on SAN security considerations and a discussion by DHS on Securing critical infrastructure. I figured that the critical infrastructure talk would be a good one for me since I work for a company that is part of Atlanta's critical infrastructure. Neither session was overly informative but the CI session did have some good content and most importantly gave me some good contacts to keep for the future. From the SAN session I did come up with a few questions that I need to have my SAN team answer for me now.

The rest of Day one was spent talking to vendors trying to get past the "snake oil" and see what it is that they really do and how they are different than their competitors. I'm am actively looking at several different technologies to determine if they will meet needs that we have. The vendor time gave me a chance to see how some companies that I'm not as familiar with are doing things.

All in all the biggest benefit that I gleaned from day one was the networking opportunities. I also ran into a guy that did some consulting work with a company that I worked for a few years ago. He's still with the same company that he worked with then and I'm going to see about having him come in and help us with some professional services that we need.

SecureWorld Atlanta 2008

Just a reminder that I'll be at SecureWorld Atlanta on Tuesday and Wednesday of this week. If your in the area and are planning on attending let me know. Also (I know this is late) but I can get you a $80 discount off the $195 regular conference fee or $200 off the full conference fee of $695. Just go to the website and register using this code JRC1031. There is also a "free" pass that will get you into the expo area and I think a couple of the open sessions.

Thanks Birmingham InfraGard Chapter

I'd like to publicly thank the Birmingham, Al chapter of InfraGard for having me speak at their April meeting. They seem to have a really good chapter going there. They meet monthly and have a strong regular attendance. Also from talking with them they seem to do quiet a bit outside of the regular meetings. I think my talk went well. They were at least polite and told me that they enjoyed what I had to share. Michael Ramm drove over from Tuscaloosa, AL to meet me. It was nice to meet someone that I've interacted with lots over the past year.

Atlanta needs something to kick start the local chapter here. We only meet quarterly and that's being optimistic. The last meeting was in November 2007 and the next meeting is at SecureWorld Atlanta the end of this month. On my calendar that's a 6 month lull, doesn't sound very quarterly to me. I'm not trying to pick on InfraGard in general here. There is something about Atlanta that doesn't seem to fit well with InfoSec meetings. I know that ISSA and ISACA meet monthly but I have never been so I can't speak to what they are like. We have tried several times to get a CitySec started and have had a total of 2 gatherings. The first time it was Mike Rothman, Beau Woods and myself. The second meeting Beau had dinner and drinks alone. A time or two since then emails have gone out no one has shown any interest. So I guess that will have to wait for another time.

I'm jealous of the fact that lots of my friends are at RSA this week and I'm not. For some reason I seem to have an aversion to working for companies that will send me to conferences. Maybe one day. I really can't complain too much. Even though I would have to foot the bill myself for most anything out of the Atlanta area I've been lucky. Atlanta has quiet a few small conferences (day, 1/2 day, lunch, etc) and a couple of 2 to 3 day events that I get to participate in. Just last month I attended the CSO Perspectives conference here and later this month I will be at SecureWorld Atlanta.

Things at work have been keeping me hopping. I've got so many things going on that I'm almost paralyzed trying to decide what to do first. I've prioritized them but still when it all is screaming at you it's hard to focus. Everything is an "emergency" in the eyes of the requester. Oh well, it will get done in time I just need to quit worrying about it.

Hopefully soon I'll get back to blogging something of value. For now work and my honeydo list calls so.......... It's off the catch the bus home and hopefully finish staining the deck.