November 6th, 2008 by rybolov
Yes, auditors are the source of many lulz for the rest of us, mostly because they ask silly questions straight off their script.
But hey, it’s a hard job to do, and I have lots of respect for auditors. A good auditor is worth their weight in fibre runs any day of the week.

Posted in IKANHAZFIZMA |
No Comments »
October 30th, 2008 by rybolov
While the rest of the world had a nice relaxing weekend preparing for the upcoming election, our Guerilla CISO LOLCATS spent lots of their time tracking down non-patched computers. Yet another highly-glamorous CISO activity that somehow doesn’t end up in the recruiting posters. What’s that? Oh yeah, we don’t really recruit security managers, it’s more like being voluntold.
Sometimes in my less-coherent hours, this is exactly how I picture desktops reaching out to WSUS for those oh-so-critical patches:

October 16th, 2008 by rybolov
After jamming to get a new budget and do annual FISMA reporting, our Government security leaders take a small breather before elections and transition to a new administration.

October 2nd, 2008 by rybolov
Well, other than the fact that I think TIC isn’t about reducing the attack footprint of the Government (more to follow on this), it makes a fun compliance piñata to whack at.

September 25th, 2008 by rybolov
Since it’s SCAP week here inside the beltway, I thought that it would be a fitting theme for today’s IKANHAZFIZMA.
September 10th, 2008 by rybolov
Not exactly security-related, but relevant nonetheless. And by transition, we mean the activity where all of the senior people in the executive branch rearrange themselves and are replaced by the new president’s appointees like a warped version of “upset the fruit basket”.

August 28th, 2008 by rybolov
Pet peeve of just about every CISO in existence: the so-called “audit requirements”. What they really mean to say is “It’s on the checklist, so it has to be true, just do what I say”.
Without traceability to the actual requirement, items on a checklist are just that: items on a checklist.
Anyway, on to the lulz:
