Tuesday, September 24, 2013

So You're a New CISO!?

   There are plenty of articles out there about becoming a new CISO.  And what elements you should have in an enterprise security program.

   I'm about to become a new CISO... again.  It's not an entirely unique situation.  I've been a CISO for over 10 years.  I'm starting as a new employee of an organization that has newly created the CISO position.  So I am new, and the CISO position is new, to this organization.

   I read this interesting article entitled 68 Great Ideas for Running the Security Department.  It's a great article, but even as a mathematician, I just can't count that high!  I also love top 10 lists.  But sometimes 10 is too high a number as well.

   Here are the 3 key things I'm going to do as a new CISO:

Tuesday, September 17, 2013

When is Encrypted really Encrypted?

   With all the discussion on the NSA and what they can, and cannot, see, collect and decrypt on the net, the picture is pretty muddy.  Google has the announced plans to enhance their encryption.  Perhaps most confusing is what this means for home users.  Is your data safe?  Is it being collected?  Who can see your data and how can it be kept private?

   First, a few concepts... you can skip this and jump right to the "how-to's" if you want.  Without getting too deep into the bits and bytes, there are basically 2 forms of encryption: transport and file.

Tuesday, September 10, 2013

What Works in Tech #Leadership - Keep It Simple

   As I'm heading toward the end of my current job, and getting ready for the challenges of my next opportunity, I've been thinking and reflecting on a few things.  One of these is leadership.
   I've had the opportunity to lead some great programs and teams in my career so far.  I went directly from being a technical individual contributor to management without any formal managerial training.  Earlier in my career I had titles and responsibilities including: software developer/programmer, engineering support, systems administration, architect, systems support, web developer, email administrator, security administrator/architect.  All of these positions can offer leadership opportunities, but this is very different than formal management.

   When I was in purely technical positions I had no interest in management, and couldn't even imagine going in that direction.  But then an opportunity came my way and I started down the "dark path" of management!  And I figured it out as I went along, with some results better than others.

Tuesday, September 3, 2013

Putting the Face in Facebook

   As can happen in a month whose name contains an "a", "e" or "u" :-), Facebook has once again made
changes to its privacy policy and practices.  And, as always we all have two choices: accept the changes (and adjust our settings and practices appropriately), or; leave Facebook.

   Of course most people won't leave Facebook, and if anything they will add more users than those that leave.

   As I look through the changes (see Facebook's notice here with links to the details), I think there are three things to know...