February 2011 Archives

Another RSA Conference has come and gone, and boy, what a busy week it was! Maybe I'm just finally getting to "attendee vet" status, but it seems like every year my time becomes increasingly overbooked. Not that this is a bad thing, mind you; it's just that I'm now thoroughly exhausted and will need a week or two to recover. ;)

Overall, RSA was very good this year. My talks went well, my meetings went well, and it was awesome to see a lot of friends and friendly faces. The vendors really put on very good receptions this year, which was a nice return from the last couple years, which have been a bit lean. Shout-outs go to Barracuda and White Hat Security for each putting on very nice parties. Kudos also to Security Bloggers Network for once again running an awesome gathering of writers.

Given work load, I only had opportunity to interview one other business for RSA 2011. Sifting through all the meeting requests can be quite daunting, but Federated Networks made a unique impression with some of their offerings that I felt compelled to meet with CEO Dave Lowenstein.

I had the opportunity to interview reps from Imation on the expo floor at RSA 2011 last week. The meeting request had interested me because my mental image of Imation was that of a fairly staid and stable storage media company. And, to a degree, this mental image was not incorrect. However, despite their solid maintenance of well-known media brands like Memorex and TDK, I was excited to see that Imation is also branching out into new areas.

A couple products from Imation's new Defender Collection struck me as being very interesting. These products include having biometrics and encryption capabilities, as well as a self-contained, pendrive-based Windows environment in development (making them only the 2nd vendor to do this, following on the heels of SPYRUS).

In addition to these new product lines, Imation has also begun developing software to support these devices. You, the reader, might think this is a fairly logical extension (you'd be right), but don't overlook the fact that standing up an entirely new software division to support new products is a somewhat risky venture, and something that represents Imation's strong commitment to these new product lines. The software will, in particular, provide central management and authentication integration for the new Defender line of devices, which should make them particularly appealing to the enterprise (at least for Windows-oriented folks today).

Maybe I don't understand the meaning of the word "innovation." Every year I walk through RSA's "Innovation Sandbox," and every year I reach teh same conclusion: if this is "innovation," then no wonder we're so far behind the opposition! This year's assortment of vendors was no better than the previous years, with a couple exceptions.

A very brief post here... on a topic I've mentioned to people in the past, but have never put into writing. Really, this is as much an incomplete thought as anything else...

Yes, SmartGrid technology will be needed in the future, but I'm gravely concerned that we're investing in the wrong technologies today. All the talk and focus is on how it will help improve the electric grid, but it does little to address one fundamental problem: it still relies on the fundamentally flawed premise of central power generation and long-haul distribution.

I started writing this post a few weeks ago, but am only now getting back to it. After getting a good outline going, I simply couldn't bring myself to write it. Part of my resistance, I think, comes in the pain of self-realization. At the same time, I'm sometimes loathe to share these personal revelations as I'm never sure how people will take them. My hope is that you'll read this and think "lessons learned" and not "what a dope." Anyway...

For full Summit coverage and follow-up, check out the OWASP Summit 2011 page.

I'm not even home yet, and already my brain is churning. I left Lisbon this morning, heading for home, and then on to San Francisco for RSA-related "festivities" the next day, but since I'm stuck on a plane for several hours here, I thought it would be a good time to jot down some thoughts. Actually, I started making notes in the car this morning en route to the airport... here how it starts:

As we raced down the highway in excess of 150kph, flying through the lush green hills, kissed by the slowly lifting fog, I couldn't help but let my mind wander freely over this trip and the past couple days. I leave Portugal with a few conclusions:
   * OWASP is doing good and important work.
   * OWASP is going through a transitional period, in part related to generational ascendence.
   * OWASP is strong and filled with wonderfully passionate people.
   * OWASP is application security.

Perhaps the writing is a bit over the top, but it's how I feel after what I can only describe as an interesting, yet strangely energizing, event marked by the expression of strong sentiments and passionate drive to make the world a better place. Allow me to expound...

(updated 2/3/11 with link to preview podcast for GRC-201 panel)

Good grief, RSA is almost upon us! This year will be another busy one for me in San Francisco. I have 2 talks scheduled, 2 books coming out, and I'm involved with 3 different events. As such, I wanted to share some of these announcements with you on the off-chance that you might like to attend one of my sessions, or just meet-up face-to-face. If you see me, please introduce yourself!

I don't attend many hacker cons because, quite frankly, I'm not really the hacker type. No, no... it's true... I'm more of the corporate wonk type with a penchant for strategy, architecture, policies, and the like... all important things in infosec, but things that are not generally featured or of interest to hacker cons. Nonetheless, I go, hoping against hope that I'll see something interesting and that at least a couple talks won't be so poorly constructed or delivered that I'll either flee or fall asleep.

For this year's hacker con adventure I opted to attend ShmooCon, which I think I'll now add to the annual schedule (especially given the low cost and easy proximity). It was a decent experience with the requisite number of "omg we're so screwed" moments, coupled with all the social attributes necessary to make the event fun. I learned a few things, but mostly have ideas for the future. As is typical of my previous experiences attending a specific con for the first time, I know that my next attendance of the con will be better because I'll know the ropes a bit and have my expectations better adjusted.

So, without further adieu...