Tuesday, November 27, 2012

Read With Your Ears

   I remember an old joke from when I was a kid. Someone would hold an item and say "look at this". Then when you reach out to take whatever they had, they would pull it back and say "you see with your eyes". That's only funny to a kid. But here's a different take on that... I read with my ears.

   I really love audiobooks. Since discovering audiobooks a few years ago my reading has gone way up.  I've read a bunch of books over the past few years including business books, science fiction, fiction, nonfiction/history, and all kinds of interesting things. But sometimes I'll mention that I just read a book, or I'm reading a book, but some people don't necessarily consider that "reading".

Tuesday, November 20, 2012

Stuff I Say - People Want To Do The Right Thing

   In the security field we hear a lot about the insider threat.  There have been plenty of well-publicized incidents of internal employees, contractors or ex-employees stealing information, or deleting information or leaving some other kind of destruction before they leave an organization.  I'll cover this topic in more detail in a future post.

   While this certainly does happen, it's not prevalent.  Call me an optimist... but I think that people generally want to do the right thing.

   And this is where the problems begin.  Sometimes those who make the rules and enforce the rules just make it too difficult to do the right thing!

Tuesday, November 13, 2012

Stuff I Say - You Pay by the Word

   This is a continuation of a series of posts on some of my philosophies about security strategy.  These ideas are covered in a fun talk entitled #*%! My CISO Says, covering a range of security governance and management topics.  Slides are on my slideshare page.  The first two posts are here and here.

   In that second post I was talking about policy.  Traditionally many organizations have staff sign a form that says that they have read and understood policy.  Perhaps the organization has some kind of new employee orientation at which policy is reviewed.  Among the problems is that policy is usually too long and too complicated.  It then becomes a TL;DR document (Too Long; Didn't Read).  I'm sure that both policy writers and policy readers/recipients can relate to this.
   So what to do?  I like to say that "you pay by the word", because you can pay now or pay later...

Tuesday, November 6, 2012

Reputation Management 101

   In October and November I’ve had a number of opportunities to present to groups of parents about Internet Safety, Social Networks and kids.  I try to do this regularly.  It’s a great way to give back to the community and talk about subjects I enjoy.

   One of the themes I often cover is Reputation Management.

   Parents are concerned that their kids share too much information online.  So much of what our kids do is documented online.  Everyone is carrying a camera and video camera with them and it all gets posted online.  For those of you who are parents with kids… imagine if there were cameras everywhere when you were young and everything you did was photographed or videoed and available for anyone to see!