10 Oct 2012

The Coming Storm: Forensics in the Cloud

Cloud computing has increased productivity and decreased IT costs. However, there is a black lining to this particular cloud, as the benefits come at the price of giving up control, visibility and tracking data provenance. Computer forensics traditionally relies on having physical access to systems, providing examiners with the ability

05 Oct 2012

Apple Shareholders Demand Security Risk Reports From the Board

Apple shareholders this past week made a request of Apple’s Board of Directors to provide a report regarding how Apple and its board oversee security and privacy risks. The request cites many of the recent privacy and security issues that have plagued Apple, making headlines and even leading to litigation. The

28 Sep 2012

When Log Files Attack: IEEE Data Leak

This week it was discovered that a large number of member passwords and IDs of the Institute of Electrical and Electronics Engineers (IEEE) were exposed on a publicly available server. Roughly 100GB of log files were discovered by Radu Dragusin, a teaching assistant in Denmark, on an unsecured FTP server. The

21 Sep 2012

Lessons From Ignite: 5 Tips for CISOs Presenting to the Board

You have 5 minutes to explain why you are relevant to the business and define your organization’s risk posture…ready…set…GO!!! This week I presented for the first time at Ignite. If you are not familiar with the format, you have 5 minutes and 20 slides that automatically advance every 15 seconds.

14 Sep 2012

Fifty Shades of Grey Hat: Hacking & Ethics

Over the summer I attended and presented at several security conferences, including Black Hat, Security B Sides and ToorCamp. When I explain the conferences and activities such as penetration testing and lock picking to those outside of the security community, I get similar responses such as “isn’t that illegal?” When