Blog
Interviewed on RSAC TV
I had the pleasure of being interviewed by Eleanor Dallaway, Editor and Publisher – Infosecurity Magazine, on RSA Conference Television (RSAC TV) last week at the annual RSA Security Conference.
In the interview, we spoke of what I had observed on the show floor, the state of the security industry, and I describe my perfect customer in information security.
Security Beyond The Perimeter
Whether we like it or not, the way we architect, utilize, and secure the networks and systems under our control has changed. When servers were safely tucked away behind corporate firewalls and perimeter-deployed intrusion prevention controls, organizations became complacent and dependent on their host security. Unfortunately, inadequately architected security controls that rely solely on broad network-based protection can make the migration of an organization’s systems to private, public, and hybrid cloud hosting even more exposed to attackers than they were before.
Everyone has heard the “defense in depth” analogy relating security to a medieval castle with controlled access to different locations of the castle and a defensive moat around the perimeter. This “hard outside” and “soft inside” model was designed to make it as difficult as possible to get past the perimeter. However, once inside the walls, the trusted individual had elevated access to resources within the network.
Unsurprisingly, the medieval defense analogy has lost much of its relevance in a world where systems and users move effortlessly from within the confines of a walled corporation, to a local coffee shop, and perhaps even to a different country as part of normal business operations.
Securing the next generation of hosting platforms requires a new approach that not every organization is ready for. Some industry analyst firms promote the idea of a “cloud first strategy” for all technology deployments. Though not a bad idea, per se, this doesn’t mean that forklifting your entire architecture into cloud or containerized environments should be your number one priority – especially if you’re being forced to choose between a new architecture and the traditional security controls that you depend upon.
Thankfully, technology has evolved to allow for more seamless security in environments that need to span traditional datacenters, virtualization, and cloud environments. This has allowed organizations to grow their capabilities without the need to choose between having security and having new technology stacks.
So how do we, as security professionals and business owners, decide what mitigating controls should be deployed to future-proof our security? It’s actually much easier than it sounds. To learn more about how to perform security beyond the perimeter please read my full post on https://www.juniper.net/us/en/dm/security-beyond-the-perimeter/.
The Hay CFP Management Method – Part 2
I’ve had a lot of positive feedback from my first post which explained how to create the Trello board to track your Call For Paper (CFP) due dates, submissions, and results. In this post, I’ll explain how to create the cards and populate them with the required data to better manage your CFP pipeline.
To start your first card click the ‘Add a card…’ link in the CFP Open swim lane.
Type in the name of the conference and select the ‘Add’ button.
Once the card is added, click the pencil icon to add more context.
Within the card, place the location of the conference in the ‘Add a more detailed subscription…’ section and select the Save button. Note: I strongly advise that you follow a consistent location naming (e.g. Houston, TX or Houston, TX, USA) to make visualizing the data easier later on.
Now we have to add the CFP due date. Select the ‘Due Date’ button.
When I input the CFP due date, I often use the date prior to the published due date ( I also set the time to 11:59pm) as a way to ensure I don’t leave the submission to the absolute last minute.
After the date is selected I fill the card with more CFP-specific information that I find from the event website, Twitter, or a third-party CFP site. I also pate the URL for the CFP submission form into the card so that I don’t have to hunt for it later (it automatically saves it as an attachment). If other information, such as important dates, conference details, or comments about the event are available I often add those in the ‘Add Comment’ section. Just make sure to his the ‘Save’ button or the data won’t be added to the card.
Optionally, you can leverage the ‘Labels’ button to assign color coded tags to denote different things. For example, I’ve used these to denote the audience type, the continent, country, state/province where the event is located, and whether or not travel and expenses (T&E) are covered. These are really just informational to help you prioritize events.
Click the ‘X’ at the top right hand side of the card or click somewhere else on the board to close the card.
You now have your first conference CFP card that can be moved through the board calendar pipeline – something that I’ll discuss in my next blog post.