June 3rd, 2008 by rybolov
Well, this is a little bit of a departure from my usual random digital scribblings that I call a blog: I partnered up with Vlad the Impaler and we created a slideshow complete with notes about why you should care about security and the Government and what you can learn from watching the Government succeed or fail.
The .pdf of the presentation is here. Feel free to share with your friends, coworkers, and co-conspirators.
May 13th, 2008 by rybolov
A couple of weeks ago, Martin McKeay was in town and recorded an interview with me. I wax poetic on my typical things–FISMA, risk assessment, anti-compliance.
The funny thing is, weeks later, I listened to myself and I actually sound like I know something…. Who woulda thunk it? =)
May 8th, 2008 by rybolov
I’ve sat in on too many presentations lately. After a couple of them, you start to think “Hey, I can do way better than that!” And so I’ve been collecting my thoughts to get some presentations down and rehearsed.
Anyway, some sample topics I’ve thought up, hope you like them:
- Security curmudgeon 101: It all starts with electric shock and goes downhill rapidly
- Contractors Never Go for Broke: how I learned to stop fearing unclear guidance and made a ton of moolah in the process
- Who Moved My InfoSec Cheese: What to do when the great big SOX cow in the sky dries up
- Leadership Secrets of Attila the CISO: throwing dead bodies at the problem does create a solution!
- $Racial_Slur in the Wire: why your perimeter is massive pwnage once they get past it
- The “S” in “SIEM” stands for “Suck”: learning how to deal with the limitations of security tools
- Lessons from Language School: how I embraced the language and culture of our sworn enemies so that we could more effectively kill them in a bout of mutually assured destruction and why it seems so quaint in the new millennium
- DAM Solutions: more than just the punch-line to analyst jokes
- Data Reduction for Dummies: since the classification follows the data, if we get rid of it all, we don’t need to secure it
- Physical and Environmental Protection for Packet Monkeys: learning why there’s a big red button on the wall of the data center next to the switches and what really happens when you push it
And, lo and behold, I am available to speak, always have been. If you like an idea that I’ve put out there, put 3 squirrels on a park bench and I’ll give them a presentation.
March 28th, 2008 by rybolov
Potomac Forum is holding a 5-Fridays FISMA Fellows Class in May and June. Of course, I’ll be speaking/teaching and so will some of the other characters you see on my blog.
Hasty Agenda, you can get more info on the Potomac Forum site:
- Day 1: Introduction, Determining Boundaries, Inventory, and Data Criticality
- Day 2: Controls, 800-53, Security Planning
- Day 3: Security Test and Evaluation, Risk Management
- Day 4: The Entire Process of Certification and Accreditation, CPIC, Accreditation Packages
- Day 5: COOP, Patch Management, and Graduation Ceremony
The one caveat is that it’s open only to Government employees.
October 19th, 2007 by rybolov
Hello Everybody
I’ll be teaching again with Potomac Forum at the end of the month. This will be a 2-day Certification and Accreditation seminar.
October 8th, 2007 by rybolov
Oh great Interwebblagosphere and the readers thereof, I am looking for Information Assurance Instructors. I’m down a couple due to work/life/moved away conflicts.
Some of the details:
- You need to live in DC or be willing to make yourself be here a couple days out of each quarter.
- You need to be a “whiz-kid” at the entire NIST IA Framework (not just SSPs, but also ST&E, POA&Ms, etc.)
- You have to be able to speak. We’re not talking professional speaker (à la motivational speakers “living in a van down by the river”), but somebody with presence above the normal closeted geek.
- You have to be able to get along with me. Not as hard as it might seem.
- We do have a screening process before you are a full-fledged instructor. Not all have met the standard.
Benefits:
- The pay is absolutely $0 but we make up for it in food, alcohol, and charming conversation. Occasionally we’ll give you a 20% raise. =)
- You get hella lotta CPEs for CISSP, CAP, CISM, etc.
- It’s a great resume builder.
- You learn the inside secrets on how IA really works.
- You get contacts–Agency CISOs, NIST dignitaries, and practitioners from every agency.
September 13th, 2007 by rybolov
We’re having a 2-day Certification and Accreditation seminar in September. The material is vendor-agnostic (read: no brochures except for more seminars) and we have some good guest speakers lined up including somebody from the NIST FISMA Implementation Project and some of the CISOs around DC.
I might or might not be speaking, depending on how the final staffing works out. No matter, I’ll catch the next one around. =)