Build security in or bolt it on afterwords? Our IKANHAZFIZMA LOLCATS have an opinion on this today.

• Lolcats and QR Codes
• Redundant Lolcats
• Lolcats Protect the End Users
• Lolcats Coming to you from the Cloud
• Lolcats, Capital Hill, and a Haiku

A common theme for me this year:  as a security manager, how do you use metrics to tell your boss that you’re doing a good job and yet at the same time you’re doing a bad job and need more money, time, and resources?

• SCAP in Lulz
• Oh to be a Program Manager
• Preliminary Findings on Cybersecurity Review Now Out
• Cyber-Ninja Lolcats Caught on Film
• IKANHAZFIZMA Finds Caution Tape

With a shout-out to Chris Paget who generated some of the biggest buzz at Defcon with his GSM hacks.

• Lolcats Attend B-Sides
• Look Out, Sir Bruce, IKANHAZFIZMA is Coming for You
• Preparing for Cybergeddon
• Lolcats Coming to you from the Cloud
• Super Secret Security Control You Were Never Meant To See

If it wasn’t frustrating dealing with the huge conflict-of-interest that follows the Government’s InfoSec pocketbook, it would be absolutely hilarious to watch the myriad interactions between all the competing interests at work, all with their grand plan on how to “fix” something that, in their opinion, is grossly broken.  Not that their idea is any better or will be executed better, it’s that it’s something new and gives them soundbites.

I’ll even admit to having my own opinions from time to time, although I’m not in it for the filthy lucre, just trying to help.  =)

• Preliminary Findings on Cybersecurity Review Now Out
• Aurora and LOLCATS
• The InfoSec D-List and IKANHAZFIZMA
• Cyber-Workforce Training?
• Lolcats take on Laws, Sausage, Cyberwhatzits, and PCI

Some days I feel like all this “continuous monitoring” talk around the beltway is just really a codeword for “buy our junk”, much like the old standby “defense in depth”, only instead of firewalls and IDS, it’s desktop and server configuration management.  Even better that it works for both products and services.  The BSOFH in me likes having a phrase like “Near Real-Time Continuous Compliance Monitoring” which can mean anything from “tying thermite grenades to the racks in case of being captured” to “I think I’ll make a ham sandwich for lunch and charge you for the privilege”.

Anyway, our IKANHAZFIZMA lolcats have finally found a control worth monitoring:  the world’s supply of overstuffed cheeseburgers.  This continuous monitoring thing is serious business, just like the Internets.

• Federal Computer Week and S.773
• Metricon is Next Week
• Oh Lookie, Somebody’s Doing What I Said To Do….
• CISOin’ Ain’t Easy, But It’s a Living
• Draft of SP 800-37 R1 is Out for Public Review

There are a couple definitions for “darknet”, all of them valid for this lol.

• Snowmageddon Meets the IKANHAZFIZMA Lolcats
• Incident Response and Lolcats
• LOLCATS: Defending our Cyber-Turf
• IKANHAZFIZMA and Transparency
• Aurora and LOLCATS