Posted August 13th, 2010 by rybolov
Metricon 5 was this week. It was a blast; you should have been there.
One of the things the program committee worked on was more of a practitioner focus. I think the whole event was a good mix between theory and application and the overall blend was really, really good. Talking to the speakers before the event was much awesome as I could give them feedback on their talk proposal and then see how that conversation led to an awe-inspiring presentation.
I brought a couple security manager folks I know along with me and their opinion was that the event was way awesome. If you’re one of my blog readers and didn’t hunt me down and say hi, then whatcha waitin’ for, drop me an email and we’ll chat.
You can go check out the slides and papers at the Security Metrics site.
My slides are below. I’m not sure if I was maybe a bit too far “out there” (I do that from time to time) but what I’m really looking for is a scorecard so that we can consciously build regulation and compliance frameworks instead of the way we’ve been doing it. This would help tremendously with public policy, industry self-regulation, and anybody who is trying to build their own framework.
Posted in Public Policy, Speaking
Tags: catalogofcontrols • certification • compliance • government • infosec • infosharing • law • legislation • management • publicpolicy • security • speaking
Posted May 17th, 2010 by rybolov
This was announced a couple of weeks ago (at least 9000 days ago in Internet time) so now it’s “old news” but have a look at Metricon 5.0 which will be in DC on the 10th of August.
It’s a small group (attendance is capped at 60), but if you’re managing security in Government, I want to encourage you to do 2 things:
- Submit a paper!
- Attend and learn.
I’ll be there doing a bit of hero-worship of my own with the Security Metrics folks.
Posted in Public Policy, Speaking
Tags: government • infosec • infosharing • management • metrics • publicpolicy • security • speaking
Posted January 13th, 2010 by rybolov
A little presentation I did for NoVA Hackers. Basic intent was to be more workshop than something more formal and to give everybody the tools to do their own experimentation at home.
I even inspired Jack to write a blog post.
Caveat: this has nothing to do with FISMA or Government InfoSec. =)
Posted in Hack the Planet, Speaking, Technical
Tags: barcode • hacking • infosec • itsatrap • pwnage • security • speaking • tools
Posted December 13th, 2009 by rybolov
A small presentation Dan Philpott and I put together for Potomac Forum about getting sane social media policy out of your security staff. I also recommend reading something I put out a couple of months ago about Social Media Threats and Web 2.0.
Posted in FISMA, NIST, Outsourcing, Risk Management, Speaking
Tags: 800-53 • accreditation • catalogofcontrols • certification • compliance • fisma • gov20 • government • infosec • infosharing • itsatrap • management • NIST • omb • risk • scalability • speaking
Posted November 7th, 2009 by rybolov
For those of you who didn’t know the real purpose of DojoCon, it was to raise money and awareness for Hackers for Charity. If you like anything that is in this post, go to HFC and make a donation of time, equipment, tech support, and maybe money. If you’ve never heard of HFC because you’re not one of the “InfoSec Cool Kids”, now is your chance–go read about them.
The video of my dojocon presentation. The microphone was off for the first couple of minutes but I look pretty animated.
And then the compliance panel that I tried not to dominate:
And finally, my slides are up on slideshare:
Posted in FISMA, Speaking
Tags: 800-53 • accreditation • auditor • C&A • catalogofcontrols • certification • compliance • fisma • government • infosec • itsatrap • management • scalability • security • speaking
Posted October 16th, 2009 by rybolov
My presentation slides from Sector 2009. This was a really fun conference; the Ontario people are really, really nice.
Presentation Abstract:
The US Federal Government is the world’s largest consumer of IT products and, by extension, one of the largest consumers of IT security products and services. This talk covers some of the problems with security on such a massive scale; how and why some technical, operational, and managerial solutions are working or not working; and how these lessons can be applied to smaller-scale security environments.
Posted in FISMA, NIST, Public Policy, Speaking, The Guerilla CISO, What Works
Tags: catalogofcontrols • certification • compliance • fisma • government • infosec • infosharing • law • legislation • management • publicpolicy • scalability • scap • security • speaking