Secure IT Live

IT security podcast and IT security information with IT security professional Eric Green. Eric interviews IT security experts from around the world, discussing issues facing the IT security industry.

        

Discussion with Stanton Gatewood, Dr. Larry Ponemon and Kevin Beaver - Episode 40

In this episode I was at the 2010 Gartner Security and Risk Symposium and was able to have a fantastic discussion on mobile risk, education, security awareness and the use of research and metrics with three extremely bright gentlemen thanks to the folks at Intel who set that up.

Interviewed were:

I hope you enjoy listening to this discussion as much as I did conducting it.

RSA 2010 - First Video Podcast with Adam Meyers - Episode - 39

This episode represents the first video podcast seen on my podcast show, and I was fortunate to have Adam Meyers, Senior Principal at SRA International available at the 2010 RSA Conference to be the first such interview.

The topic for Adam was that of situational awareness and cyber intelligence. We were able to discuss his views on why cyber intelligence is important to the private sector (as opposed to just government) as well as, among other things, thoughts on some best practices and how to use your current organizational technology people to implement such strategies.

RSA 2010 - Discussion with Jim Schriver on biometrics - Episode - 38

In this episode I have a bit of a hardware and general state of biometrics discussion with Jim Schriver, Director of New Technologies at Black Box Network Services.

The topic of biometrics has been of interest to me and others in the industry as of late as I've begun to see a number of very successful implementations, particularly around the military and law enforcement. I still believe the technology and direction is excellent - however the issue so far as I can tell remains getting the IT folks and the physical security folks to see eye to eye on who owns what and how it all operates.

That is part of what we discussed here - but moreover I plan on having further discussions on down the road hopefully with the practitioner behind one of the successful implementations I am suggesting are out there.

RSA 2010 - Post Keynote discussion with Brian Snow - Episode 37

One of the highlights of my week at the RSA conference was being able to sit down and speak with Brian Snow shortly after his Cryptographers Panel keynote session.

For those who don't know him - Brian Snow was NSA IAD Technical Director; he started as a government cryptographer working on secure systems including nuclear command and control, tactical battlefield radios, and network security. He created and managed NSA’s Secure Systems Design Division in the 1980’s, and became a Technical Director in 1992 (equivalent to a Corporate Chief Scientist). His credo: Managers are responsible for doing things right; Technical Directors are responsible for finding the right things to do.

In this podcast, Brian demonstrates his amazing background and knowledge of the industry. You must listen to his concept of 'lean forward' along with his views on trust, smartphones and some amazing examples from his past.

RSA 2010 - Discussion with Robert Rodriguez on Innovation - Episode 36

In this episode I speak with Robert Rodriguez, Founder and President of the Security Innovation Network.

It's always a pleasure to speak to my good friend and business associate Robert as he is able to explain our nation's need for security innovation better than anyone I know - while giving direction to start-up companies on what it takes to get out there and start doing business with the government.

Anyone listening should also keep an eye on the Security Innovation Network website for new activities, and the Fourth Annual Entrepreneurs Forum is coming up March 16-17, 2010 at Stanford University with a star line up of speakers also discussed in our podcast.

Finally, Robert Rodriguez is also one of our judges for the SC World Congress Security Innovators Throwdown - also discussed in brief on the podcast. Find out more about that on the SC World Congress website.

Special interview with newly appointed CIO of Heartland Payment Systems - Episode 35

In this episode I speak with Steven Elefant, newly appointed CIO of Heartland Payment Systems.

Steve and I covered a broad range of topics from innovation in the security industry, to the Heartland breach as well as some details of how his company has responded to this incident to greatly improve card processing security.

Heartland's CEO, Bob Carr, will be presenting a keynote presentation on the topic of the breach on October 13 in NY at the SC World Congress.

eDiscovery, Data Integrity and the Path to Trusted Time Stamping - Episode 34

In this episode I speak with Paul Doyle, Founder & CEO at ProofSpace and Co-Inventor of the company's Transient Key Technology.

eDiscovery is being talked about more and more, but what does this have to do with infosec and the security professional? Data security and the security professional are indispensable elements in any organization's litigation preparedness or litigation team. Paul is a thought leader in the joint fields of information security and the law about the established importance of eDiscovery and the emerging concern about data integrity, authenticity and time as a trust anchor through Trusted Time Stamping. Paul Doyle has helped write the first American National Standard for Trusted Time Stamping, helped establish the Information Assurance Consortium, co-chairs the AIIM Evidentiary Support - Legal Standards Committee and is an active member and contributing author to work at both the Sedona Conference and the American Bar Association.

 

White Listing and End-to-End Trust - Episode 33

Back on the show after a number of industry ground breaking announcements is Wyatt Starnes, Founder, CEO and President, SignaCert.

In this podcast we discuss white listing and end-to-end trust; both key components of recent announcements that started at the 2009 RSA Conference with Microsoft - and then continued several weeks later with Applied Identity.

Neil MacDonald at Gartner has been doing some very interesting postings on the topic of Whitelists over the last month or so, which we discuss in this episode, and can be found here:
http://blogs.gartner.com/neil_macdonald/2009/04/03/we-need-a-global-industry-wide-application-whitelist/

For other details relating to this podcast, please visit links below:

SignaCert Patent, Whitelist:
http://www.signacert.com/company/news/press/050409.html

Microsoft/SignaCert Collaboration Announcement:
http://www.signacert.com/company/news/press/042109.html

Applied Identity/SignaCert Announcement:
http://www.signacert.com/company/news/press/051209.html

Non-Vulnerability Based Attacks - Episode 32

I was at the 2009 RSA Conference at the end of April for the whole week and was able to listen to quite a few interesting presentations, walk what I believe is the industry's largest trade show floor and indeed talk to a number of security professionals for my show.

Here is a discussion about attacks that don't exploit vulnerabilities in applications but permit misuse of applications only to be detected by behavioural analysis - very interesting conversation. Called non-vulnerability based attacks for obvious reasons, Avi Chesla, Vice President with Radware explains the phenomenon.

Botnets, Malicious Code and Latest Exploit Trends - Episode 31

I was at the 2009 RSA Conference at the end of April for the whole week and was able to listen to quite a few interesting presentations, walk what I believe is the industry's largest trade show floor and indeed talk to a number of security professionals for my show.

In this interview I discuss some of the latest trends around propagation of malicious code and botnets among other things with Righard Zwienenberg, Chief Research Officer with Norman.

We also hit on some of the latest vulnerabilities noted in Adobe and Microsoft products.

Electric Sector SCADA Security Issues and Progress - Episode 30

I was at the 2009 RSA Conference at the end of April for the whole week and was able to listen to quite a few interesting presentations, walk what I believe is the industry's largest trade show floor and indeed talk to a number of security professionals for my show.

In this instance I was able to find a quiet spot for an interesting conversation with Walter Sikora, Vice President, Security Solutions with Industrial Defender.

Walter has some interesting experience working with some of the 1100 or so facilities that have signed on to meet the NERC CIP regulation which becomes enforceable starting in July. We are all in hopes this regulation and standard is adhered to and helps strengthen this piece of the nation's critical infrastructure.

Public sector and first responder credentialing and security - Episode 29

I spent a number of days at the FOSE / GovSec show in DC put on by the 1105 Media Group and had some good conversations with a number of folks over there. The show itself like all others has clearly shrunk in size but there seemed to still be quite a bit of energy on the show floor and in the sessions.

Secure credentialing came to the forefront of all of our minds immediately after the horror of 9/11, although subsequent disasters, not the least of which was Hurricane Katrina, kept the focus on this issue. Keeping track of who we admit to secure locations and sites becomes as important as knowing who is currently at certain secure locations and disaster sites.

There are myriad Federal regulations and standards in this space but at the heart of them all is that 'c' word...convergence. Credentialing is a classic example of the connection between physical and logical security. Now who in the agency or enterprise controls this hardware and technology, well that is a bigger debate.

Here I speak with Chris Broderick, the CEO of CoreStreet and an individual who has a great deal of experience and knowledge in this space.

A familiar device with a new twist - printer security - Episode 28

I spent a number of days at the FOSE / GovSec show in DC put on by the 1105 Media Group and had some good conversations with a number of folks over there. The show itself like all others has clearly shrunk in size but there seemed to still be quite a bit of energy on the show floor and in the sessions.

Over the years I have talked to many sharp industry luminaries about new technologies and the security issues inherent in implementing them that we need to be aware of. A classic one related to this discussion was that of VoIP and how it made IT and IS people come to learn how a phone system can have a direct, and if not properly configured and secured, devastating impact on an organization's network.

Over the last couple of years printers have moved into the same category. Printers and imaging devices (copiers, etc.) now are not only connected to our networks but also have a ton of storage on board, raising security, compliance and general internal ownership issues - who owns that piece of the enterprise now, is it still facilities, or is it IT or now how do the IS people fit in?

To help answer some of these questions I was pleased to be able to sit down with Michael R Howard, WW Business Development Manager for Security Solutions in the Imaging and Printing side of HP. Long title I realize, but smart guy, and bottom line, Michael is the guy in the middle of the business of securing printers.

Secure machine to machine wireless communications - Episode 27

I spent a number of days at the FOSE / GovSec show in DC put on by the 1105 Media Group and had some good conversations with a number of folks over there. The show itself like all others has clearly shrunk in size but there seemed to still be quite a bit of energy on the show floor and in the sessions.

The first conversation I decided to put on the show was centered around machine to machine wireless communication. This was of particular interest to me given some of the vast changes and updates to smart meter technologies in the electric sector, as well as a major government and private sector move to minimize costs associated with doing business - which includes for instance economizing car and truck fleets among other things. GPS tracking was a key part of this discussion.

To that end, I was pleased to discuss this with Tony Tarsia, Director, Public Sector - KORE Telematics Inc.

Defense in Dimension - a new way of viewing global threat data - Episode 26

In this episode we are discussing global threat analysis and discovery along with the importance of a reputational based approach.

My discussion is with Adam Mikrut, CEO and Founder of DigitalStakeout. Adam has a unique ability to be able to be behind the technology itself but also understand the business trends in the private and public sector that lead to the need for the kind of threat visibility we discuss. Adam is a trusted source for such information to many both in government and industry.

Interview with Joe Pistone, Howard Schmidt and Carlos Solari - Episode 25

I was in London at an Alcatel-Lucent sponsored event called Security Keynotes 2008, which is where my next 4-5 podcasts are coming from. Speakers at this event included:

  • Joe Pistone (aka Donnie Brasco)
  • Howard Schmidt, President, ISF and Former White House Cybersecurity Advisor
  • Wyatt Starnes, founder and CEO, SignaCert
  • Carlos Solari, Bell Labs VP of Security and Former White House CIO

In this interview I spoke with Joe Pistone, Howard Schmidt and Carlos Solari about social engineering.

Interview with Paul Fisher, SC Magazine - Episode 24

I was in London at an Alcatel-Lucent sponsored event called Security Keynotes 2008, which is where my next 4-5 podcasts are coming from. Speakers at this event included:

  • Joe Pistone (aka Donnie Brasco)
  • Howard Schmidt, President, ISF and Former White House Cybersecurity Advisor
  • Wyatt Starnes, founder and CEO, SignaCert
  • Carlos Solari, Bell Labs VP of Security and Former White House CIO

In this interview I spoke with Paul Fisher, Editor, SC Magazine and Security Keynotes 2008 session moderator. This was a unique experience as I essentially was able to interview the interviewer, in a manner of speaking, given Paul's role at SC Magazine in reporting on security.

Interview with Wyatt Starnes - Episode 23

I was in London at an Alcatel-Lucent sponsored event called Security Keynotes 2008, which is where my next 4-5 podcasts are coming from. Speakers at this event included:

  • Joe Pistone (aka Donnie Brasco)
  • Howard Schmidt, President, ISF and Former White House Cybersecurity Advisor
  • Wyatt Starnes, founder and CEO, SignaCert
  • Carlos Solari, Bell Labs VP of Security and Former White House CIO

This episode features a conversation with SignaCert CEO Wyatt Starnes discussing the myth of ROI in IT security sell, re-examining classic risk surfaces, and discussing the importance of the emerging positive IT security model.

Interviews with Phil Skeffington, Mott MacDonald, Alan Broadway, The University of Greenwich and Chris Corcoran, Northwest Police - Episode 22

I was in London at an Alcatel-Lucent sponsored event called Security Keynotes 2008, which is where my next 4-5 podcasts are coming from. Speakers at this event included:

  • Joe Pistone (aka Donnie Brasco)
  • Howard Schmidt, President, ISF and Former White House Cybersecurity Advisor
  • Wyatt Starnes, founder and CEO, SignaCert
  • Carlos Solari, Bell Labs VP of Security and Former White House CIO

In this interview I spoke with Phil Skeffington, Head of ICT Services, Mott MacDonald; Alan Broadway, Head of ICT, The University of Greenwich; and Chris Corcoran, Detective Chief Superintendent, Northwest Police.

Interviews with Mark Hatton, SPHINX, and Fredrik Naslund, AppGate - Episode 21

I was in London at an Alcatel-Lucent sponsored event called Security Keynotes 2008, which is where my next 4-5 podcasts are coming from. Speakers at this event included:

  • Joe Pistone (aka Donnie Brasco)
  • Howard Schmidt, President, ISF and Former White House Cybersecurity Advisor
  • Wyatt Starnes, founder and CEO, SignaCert
  • Carlos Solari, Bell Labs VP of Security and Former White House CIO

In this interview I spoke with Mark Hatton, Managing Director, SPHINX and Fredrik Naslund, VP Information Technology, AppGate Network Security primarily about what they felt were some of the key things that are of concern to CIOs today on the topic of security.


©2010 ELG Consulting and TIMBRE Media. All rights reserved.