Here’s a complete roundup of the reporting I did for Tripwire’s State of Security blog at the RSA Conference.
It’s been a little over a week since the conclusion of the 2012 RSA Conference and Security B-Sides. Once again we had a great time interviewing and photographing lots of really smart people about information security. We produced hundreds of photos and dozens of articles and videos, but I wanted to put everything together for you in one nice neat place, plus spotlight our five favorite videos.
Before we headed to RSA, we culled together 25 great stories from infosec gurus admitting their security mistakes.
25 Infosec Gurus Admit to their Mistakes…and What They Learned from Them – We spoke with some of the best and brightest in security about some of the dumbest things they’ve ever done in security.
At the event we shot hundreds of photos of people holding up speech bubbles finishing statements such as “The best people in security are…”, “I love being in security because…”, and “Security is not…”
RSA Conference Photos – Photos of attendees answering our security questions on speech bubbles.
At the end of the show, I put together a six-minute summary of the entire event.
RSA 2012 End of Show Report – Here are some highlights of both the technical and human side of the 2012 RSA Conference and Security B-Sides in San Francisco.
And we produced a ton of videos. Here are our…
Top five favorite videos from the 2012 RSA Conference
Hey…What’s Your Password? – Hackers go to amazing lengths to try to get your password. Silly video producers like me just head to the RSA Conference and ask attendees straight up, “Hey…What’s your password?”
What Does it Take to Become a Security Bad Ass? – Want to be a security bad ass yourself? Then listen to the advice from the attendees of Security B-Sides.
The Causes of and Solutions for Security Burnout – Are security professionals burning out at a faster rate than their non-security IT counterparts? If so, what can be done to solve the burnout rate? (w/ Jack Daniel @jack_daniel)
Enough Screwing Around. Let’s Start Sharing Incident Data. – We already know we have incidents after the fact, so why don’t we start sharing data before they become publicly damaging? (w/ Bob Rudis @hrbrmstr)
What’s the Best Advice Anyone Ever Gave You About Security? – Here are more than two dozen answers to that question in less than 90 seconds.
Lots more great videos from the 2012 RSA Conference
Security B-Sides: Connecting the Infosec Community…Locally – Want to connect with your fellow infosec peeps? Then you need to either attend or start a Security B-Sides event in your area. (w/ Mike Dahn @mikd)
Risk Management Priorities Change Given Job Responsibilities – Just change jobs and you’ll have a completely different perspective of what are the most important assets in your company and what’s at risk. (w/ David Mortman @mortman)
Making Compliance Part of Your Daily Routine, Not Just Once a Year – Monitor continuously so you don’t get stuck finding out about a breach 3-4 months after it happened. (w/ Bob Russo @bobrussopci)
Benefits of Launching a DevOps Environment – Be hyperefficient and competitive by converting your development/IT environment into a DevOps environment. (w/ Gene Kim @realgenekim)
Security Guru Tells Tale of How His Blog Became a Botnet Server – It’s important for security gurus to admit to their mistakes. It humanizes them especially when that’s often the most important part of security. (w/ Adam Shostack @adamshostack)
The Causes of Mobile Application Risk – Mobile applications are often being built with no concern to security. How does this affect you and other users? (w/ Chris Wysopal @weldpond)
Core to Information Security is Monitoring Your Inputs and Outputs – Failure to consistently monitor traffic in and out of your network is not a technology problem, it’s a process problem. (w/ Dan Frye @frizille)
Bruce Schneier on Why Security Exists in Society – A video interview with Bruce Schneier explaining why we need security when people normally are civil and honest. (w/ Bruce Schneier @schneierblog)
If We Can’t Stop Data Breaches, What Can We Do? – Explanations of why we can never get rid of data breaches and some possible solutions on how to prevent many from happening. (w/ Larry Ponemon @ponemon)
Cyberwar Ignores the Conventions of War and Why That’s Wrong – Cyberwar’s main goal is to attack civilian targets. Will security experts be proud of their work once their tools are utilized? (w/ Marcus Ranum @mjranum)
Is Infosec Ready for Big Data? – “Big Data” is definitely all the buzz. The question is are you ready and is the security industry ready to take advantage of it? (w/ Andrew Jaquith @arj)
IT at Ludicrous Speed with Rugged DevOps – Developers and Operations can’t be opposed. They need to work together to be able to perform at high speed. (w/ Josh Corman @joshcorman and Gene Kim @realgenekim)
It’s Impossible to Secure Everything, So Focus on Your Adversaries – Vulnerability protection is reaching infinity, so why not focus on something that’s probably far less, your adversaries. (w/ Josh Corman @joshcorman and David J. Etue @djetue)
Tips for Launching Your Security Startup – For startups to succeed, they can’t go it alone. They need to be part of the larger security ecosystem. (w/ Andrew Hay @andrewsmhay)
Developer Tip: How to Make Security Warnings Understandable for End Users – A simple training tool for developers to create simpler and more useful user alerts. (w/ Adam Shostack @adamshostack)
Building a Data Science Practice for Better Risk Management – The next stage of shared incident reporting and collaborative Big Data for true data sciences. Are you ready for it? (w/ Alex Hutton @alexhutton)
How Do You Know You’re Making the Right Security Decision? – You might think you never know, but in actuality there are some practical ways to go about making the best security decision possible. Here is what attendees at RSA had to say about making the right security decision.
Security’s Best Asset are Argumentative Geeks – Security geeks love to argue. When is it constructive for the industry and when is it destructive? (w/ Bill Brenner @BillBrenner70)
Know Your Assets and How Their Threat Level Changes Over Time – Risk management is a situation of not just knowing what’s important and what’s not important to secure, but also how that value changes over time. (w/ Dwayne Melancon @thatdwayne)
Are All These New “Risk” Tools Actually Risk Management Tools? – The real way you measure risk is determining the value of your assets and what a threat to that asset means to your business. Not all risk identified tools do that. (w/ Ben Tomhave @falconsview)
Could Insurance Be Risk Management’s Motivational Force? – Mike Lloyd of RedSeal Networks offers an olive branch between finance and the security department by way of insurance. (w/ Mike Lloyd @RedSealNetworks)
Why the Utility Industry Needs to Embrace Risk Management – The utility industry is no stranger to risk management as it applies to their physical equipment. When it comes to managing the electronic controls, many are in the dark. (w/ Sean Sherman)
Reporting on Risk Management Can Be Just as Threatening – As every organization embraces risk management and tries to prioritize time and money to security, Dark Reading is doing the same with its reporting of risk management. (w/ Tim Wilson @darkreadingtim)
Risk Management Advice for Social Media – How people handle themselves in social media privately will reflect how they handle themselves in social media when they’re representing your company. (w/ Ira Winkler @irawinkler)
Richard A. Clarke on “Cyber War” Engagement – Cyber war has been portrayed as a disruption where in reality it can cause real damage and should be treated with the same severity as regular war. (w/ Richard A. Clarke)
Where’s Last Year’s Cloud Discussion at RSA? – While there are plenty of security products that work well in a cloud environment, the same unique cloud security issues still loom. (w/ Edward Haletky @texiwill)
Risk Management in the Cloud – All cloud providers want is your trust. Will you give it to them? (w/ Adam Ely @AdamEly)