StillSecure, After All These Years

  I have been so busy running around and trying to spend more time with the family that I have been negligent in talking about some of the things I have been doing.  A perfect example was last week.  Among other appearances, I was a featured speaker at the annual South Florida ISSA conference.  I have had the pleasure of appearing and attending many different ISSA chapter conferences, but I can say that my home chapter in South Florida, hands down puts on the best conference I have seen, year in and year out.  This years show was no different. From the opening CSI video spoof, to Stephen Northcut’s keynote, down to the last good bye, Jeff Dell, Tim Krabec and Pete Nicoletti, along with the rest of the team out did themselves!

The guys down here know me pretty well and read my blog I suppose. At the end of the day to thank me for speaking they presented me with a few bottles of wine with the labels as shown here.  They obviously had read my article about cloud aficionados. Anyway, if you get a chance, try to make next years show as I am sure the guys will outdo themselves yet again!

As I wrote about earlier this was the first year of the Social Security Blogger Awards. Rich Mogull did a great job lining up a blue-ribbon panel of judges and I think the winners of the awards were very deserving.  You can see the complete list of winners and the full video on the RSA conference blog here.  But here is just part 1 of the video with Rich, Martin and then me:

Sorry for taking so long to get this up, but after my 24 hour odyssey of a trip home from RSA I came down with a bad cold which I hope is not the swine flu.  I still feel pretty crappy, but am fighting through it.  Hey the pros play with pain.

Anyhow, RSA was a little lighter this year in terms of people but as usual a great conference.  For me the highlight was the 3rd annual security bloggers meet up and social security awards.  It was by far our biggest and best event ever.  Martin has a good post on all the goings on and who won the awards. You can see some great pictures from the meet up on Flickr or Facebook. I wanted to take a moment and say that this event took a tremendous effort by the organizing committee. Martin, Rich Mogul and I did our share, but Jennifer Leggio and StillSecure’s own Sonya Caprio really did a lot of the heavy lifting to make this event a success.  Can’t wait till next years show!

The panel I chaired on Thursday was a hoot. Of course I didn’t get a chance to say much, but with Rothman and Mogull and Mike Murray and Michael Farnum on the panel, what did I expect.  The SC Mag award show was a blast as usual too.  Ilena Armstrong and team do a great job on that.

Overall one thing that occurred to me was that over the last 8 or 9 years the amount of friends and people I have met in the security business.  I am very grateful for the their friendship and seeing them at RSA and other shows is what makes these events so special!

The security bloggers event is not that night, so what is the hot ticket for Tuesday night at RSA? For me and many of the movers and shakers in the security industry, the SC Magazine annual awards show at the Hilton is the place to be. It is the security industry’s version of the Oscars. Ilena Armstrong and team put on a first rate event. The drinks are top shelf, the food is decent, the entertainment is very funny and the networking is great! Oh yeah, seeing who wins is pretty exciting too.

Anyway, if you would like to attend this years event there is still time. Here is the link to register. I have been to at least 4 or 5 of these and have never had a bad time!

Well the results are in for the first part of the balloting in the inaugural Social Security Awards for security blogging and podcasting. And quite a lesson in democracy it was. Just like in US presidential politics, it is a big country world out there and if you are going to run a popularity contest, the ones who campaign the hardest and have the most followers win. So when you look the 5 finalists in each category they may not be the ones that you and I would have guessed would be a finalist, but they are the ones who got the most votes.  Could the voting be gamed? Yes, obviously.  But more importantly, I don’t think it is a question of gamed, as much as it is that there are a lot of people who voted who may not be security pros, just interested in security.  We can think about how to do something about this next year. The good news now is that we have an all star panel of judges who will pick the winners from the finalists.

Now there are those who say that the “real” security blogs did not make it.  Some of the gang I run with and are part of the Security Bloggers Network.  Part of me feels the same way.  But at the end of the day, these awards were not for bloggers by bloggers, it was bloggers as voted on by readers and that is what we have in the results.

So to all of the finalists congratulations and good luck!  I will be the MC at the awards ceremony at RSA in 2 weeks with the winners!

As most of you know, this years Security Bloggers Meet up at the RSA conference is going to be a quite a party. In addition to the usual food, drink, podcasting and mingling among the who’s who of security blogging and media, this year we also have the Social Security Awards.  The Social Security Awards are the security blogging awards and we have over 1500 blogs nominated in the 5 categories!  At the end this month the finalists will be given over to our all star panel of judges and the winners will be announced at the awards ceremony at the meet up. 

Yours truly is the MC for the awards. I had invited Beyonce to come down and do a musical number with me ala Hugh Jackman at the Oscars, but she was busy and I don’t think will be at the meet up.  But you never know.  If not perhaps Martin McKeay, Rich Mogull and I could do a “if I were a boy” musical number ;-)

Anyway, what I wanted to say before going off on that tangent is that none of this would be possible without the very generous sponsors who have donated money, equipment and services.  In these tough times putting on an event this size is not cheap.  Also though not listed, a special thanks to the RSA conference folks themselves who have given so much to make this event a reality. Thanks to all of them!

Our latest sponsor, Seagate is donating prizes for for the Social Security Award winners and now has given us a NAS as a door prize as well!  How cool!  Now if we could just get a nice package of prizes and gifts for the event organizers!

OK I got back early from California (because someone I was meeting had to be hospitalized I am afraid) so have some time to blog.  It has been tough lately, but there are lots of stories to touch on.  First of all we are in full swing for the pre-RSA season.  My calendar is already filling up with appointments while I am out in San Fran.  I will be presenting at the Americas Growth Conference again this year on the Monday before RSA.  The AGC event has become a staple over the years and in these challenging times should be even more interesting this year.  Of course there is the security bloggers meet up with planning in full swing ready to rock (SBN members get an invite). Also the SC Magazine awards dinner and event which I was invited to and will be attending.  Thursday morning I moderate an all star panel on what to do about security in this economy.   All in all, RSA is shaping up as a great time! 

While I am registered as a speaker, an exhibitor and 5 year member, I was surprised that this year to attend just the expo and keynotes, there were no free passes.  In some ways it is good, it may keep some people out who are adult trick-or-treaters or resume pushers.  In other ways if you are in the local area the 75 dollars for an expo pass may stop you from attending.  Well here is where I can help. I have 4 expo passes to RSA to give away.  Leave a comment with why you deserve one and if you can convince me you win one. I wish I had full passes to give out to all of the tracks and all, but those are hard to come by. Hope to see you at the conference.

Couple of other stories:

1. Vyatta adds security to the router. I don’t know about you but this is so Cobia 2007!  Come on guys we did this at StillSecure with Cobia 2 years ago.  Plus reading the press on it, it is hard to see what special sauce if any Vyatta adds over the plain vanilla open source offerings that it is based on.  I guess it was to be expected, but I think they are going to have to do better then this to be successful.

2. Is Sun going to rise at IBM? – Looks like Big Blue might be picking up what is left of Sun.  Great, that gives IBM another database to work with (they already have DB2 and Informix), some open source stuff and another silicon design.  On the other hand, Sun has to do something as I am not sure what the future holds for them as a stand alone.

3. How to evaluate if MSSP is right for you- article in searchsecurity about how to properly evaluate whether MSSP is the right for you.  Pretty elementary stuff, but a start to making the decision.

4. NAC, its not just for compliance anymore. – Tim Greene’s article this week calls out how NAC for compliance is yet another great use of NAC.  Yes NAC can be quite the Swiss army knife of security, but is NAC as a compliance tool enough to drive a new NAC sale or just another use for a tool you already bought?  That is the big question about the NAC market.

Came across this press release from Breach Security today. Now Breach is a good company and knows how to throw a party! But as I have written before, private companies who put out press releases talking about 157% increase in sales, 500% increase in channels, yada, yada, yada is just meaningless without putting the context of the actual numbers in.  My experience is when you see one of these, what is actually happening is:

1. They are trying to raise money they need

2. They are shopping the company for a sale

3. They are trying to convince themselves that things are not really that bad

Which one is this PR about?  I don’t know, but I am sure we will see in a short while.

I was pretty happy.  The folks over at Government Security News asked me to write a short piece for their weekly newsletter this past week and spoke about me possibly expanding that into a multi-week gig.  So after scouring the net for something good to write about, I decided that I wanted to talk about the lessons of the Heartland fiasco and how it applies to public sector as well as private sector security admins.  I wrote what if I do say so myself, was a nice little article and sent it over to the folks at GSN. They said they liked it and it would go out on Friday. Cool!

I forgot about it till tonight and then went over to the site to check out if it was posted.  Sure enough I see picture of my “pretty” mug next to an article titled, “The Heartland Debacle, take one”. I think to myself, geez, I guess it was too long and they had to split into two parts, they will probably run take two next week.  Well I scroll down the main page and sure enough I see an article called “The Heartland Debacle, take two” and whose smiling face is looking out at me? None other than Mike Rothman! In a case of parallel evolution or just a slow news week, Mike wrote the same thing I did and surprise, we actually had a very similar message. Shoot!  In the future if I do any more columns I guess I will have to check with Mike to make sure we don’t overlap.

Anyway it gave me a chance to use a phrase I always found cool, twin sons of different mothers.  Dan Fogelberg and Tim Weisberg did an album (does that word show my age?) by that name and it was excellent.  The best song on it was Power of Gold.  Click on the album cover to go listen to it. Enjoy!

I posted this a few weeks ago, but we are getting near the end of nominations. If you have not done so yet, please be sure to nominate your favorite security blogs for the Social Security Awards!

Another dream of mine becomes a reality.  One of the things I have longed thought of doing was starting a security bloggers awards program. With over 200 blogs in the Security Bloggers Network, some recognition for the best of the best would be great.  There are so many great security blogs out there, with so much great content, in my mind it was only natural that we have some sort of recognition for the very best.  How to do these awards without making it a popularity contest though?  Where and when to hold an awards ceremony? Logistics, statistics and such.

It all came together this year.  Working with my fellow Security Blogger Meet up committee members, Jennifer Leggio, Martin McKeay, Rich Mogul and Jeanne Friedman we have made a Security Bloggers Awards a reality!  I am proud to give you the "Social Security Blogger Awards".  Pretty cool, huh?

This initial year of the Social Security Awards will feature awards in 5 categories:

* Best Security Podcast
Who is the voice you listen to week after week?
* Best Technical Security Blog
Who is digging deeper than anyone else?
* Best Corporate Security Blog
Which vendor's contributing the most to the blogosphere?
* Best Non-Technical Security Blog
Who's got the best 30,000 view?
* Most Entertaining Security Blog
Who keeps you riveted? Or who makes you laugh?

We will allow readers to nominate specific blogs, come up with finalists and than have a combination of reader votes and a blue ribbon panel of judges.  The judges we have lined up are:

Brian Krebs
Washington Post
Bill Brenner
CSO Magazine
Kelly Jackson-Higgins
Dark Reading
Dennis Fisher
TechTarget
Jeremiah Owyang
Forrester Research

There will be awards and surprises at the awards ceremony which will take place at the Security Blogger Meet up at RSA this year. You don't have to be a member of the SBN to be nominated, but like the old man says, "it couldn't hurt". If you would like to nominate your blog or have someone else nominate you can use this picture and link to http://www.socialsecurityawards.com

For those of you wondering, I and the rest of the committee and judges are not eligible to be nominated or win any awards.  Also in case you are wondering these awards are not for sale and you can't buy your own category ;-)

Anyway, I am really proud to see this idea becoming a reality. I hope that it will be a great program that will grow better year after year.  For now though, what are you waiting for?  Go nominate you favorite security blogs!

Author's note: Martin posted some good articles on this at the RSA Bloggers meet up site and his own blog, even if he did steal my graphic.

Related articles by Zemanta

• The Social Security Blogger Awards