Category: Articles

Compliance vs. Security

This is a fantastic video by Javvad Malik (@J4vv4d on Twitter) that clearly explains the differences between ‘security’ and ‘compliance’ – and why they’re not the same. Check it out…

Vote Wim for ISC2 Board Inclusion!

Consider this my official endorsement of Wim Remes’ petition to have his name included on the (ISC)2 election ballot. I’ve known Wim for a few years now and would love to have his voice on the board of directors. In January 2010 I interviewed Wim for the Security D-List, so please give that a read as well as his official petition (which I have included below):

On August 19th I received the yearly e-mail from (ISC)2 informing me of the yearly board elections that will take place from November 16th. While I respect everyone currently slated for the ballot, I always cringe a little when I look back on yet another year in which the divide between what I consider the infosec community, of which I am a vocal participant, and the institution (ISC)2 has become has grown wider. I could spend another year on the sidelines watching the gap grow bigger, OR I can try and BE the change that A LOT of my online and real-life friends are waiting for.

This is my official petition page to have my name added to the election ballot on November 16th.

You can support me by sending an e-mail from the e-mail address you have registered with (ISC)2, mentioning your NAME, EMAIL ADDRESS and CERTIFICATION NUMBER, to wim@remes-it.be.

If I become a member of the (ISC)2 Board of Directors, I will strive to do the following in the three years that I will be given the opportunity to be the change you are all looking for:

* A closer collaboration with the information security community at large. This means recognition of what is currently considered to be an outlaw-ish community but what I consider a treasure trove of knowledge and capability that remains untapped, either because we are afraid of what we don’t understand or because hackers are still suffering from a bad image. Not in my book!

* A review of the certification requirements for the flagship (ISC)2 certification, the CISSP, in order to bring it back to the level it once was on. Ideally with the incorporation of more in-depth requirements on a technical level, requirements in soft skills and, possibly, the addition of a written paper requirement that would show the knowledge the candidate has acquired during the learning process. This last requirement would feed back into the community, becoming a valuable resource for security professionals globally.

* I am from Europe. I still feel that many of the subjects covered by (ISC)2 and other organizations are focused on the US. My goal is to widen the efforts to a global approach that brings communities from different continents together instead of separating them further. While there are differences in laws, culture, etc. across continents, I firmly believe that we have more in common and that there needs to be better collaboration in order to address the security challenges we have coming at us.

* With my work on PTES (http://www.pentest-standard.org), Infosec Mentors (http://www.infosecmentors.com), Brucon (http://www.brucon.org), the Eurotrash Security Podcast (http://www.eurotrashsecurity.eu) and other global initiatives, I want to encourage the members of (ISC)2 to become a part of the community that I consider so valuable.

About Me

This is not about me, but apparently I need some kind of bio. I am Wim Remes (CISSP ;-)), working in IT for 14 years now and passionate about security for over 10 of those. I have not graduated from any posh university, but who cares, right? I’m currently working for a Big4 company in Belgium as a Security Consultant. I will add extra information to my bid page as soon as possible.

In the meantime, please take the time to send me that e-mail and spread the link to this page as wide and as deep as possible. I need 500 signatures to my petition before September 19th. If you want passion on the (ISC)2 Board of Directors, you know what to do!

Dark Reading Post: A National Monitoring Infrastructure

My latest Dark Reading post over at the Security Monitoring Tech Center has been published. The post explores the feasibility of orchestrating a national monitoring infrastructure as a huge collaborative endeavor, and asks whether it would be possible to bring both private and public data under government oversight.

From the article:

If the national-level collection infrastructure were limited to a cyber-security mandate, however, military branches, in addition to government and intelligence agencies, could wield a national ESIM to better defend their interests. Once implemented, this national ESIM could expand to encompass public utilities and the military industrial base of defense contractors and SIs with which it partners to further national interest. Really, any organization or vendor with ties to government’s defense could be directed to submit to a national ESIM mandate in the best interest of the country’s defense. A major obstacle to hurdle is that many departments, divisions and federal entities rely on their own ESIM deployments to manage the cyber-security concerns within their own small spheres of control.

Read the full post here: http://www.darkreading.com/security-monitoring/blog/229403129/a-national-monitoring-infrastructure.html
