The Ashimmy Blog: awards and PR

44 posts categorized "awards and PR"

January 09, 2012

How Come My Blog/Podcast Wasn’t Nominated?

With last weeks announcement of the finalists for this years Social Security Bloggers Awards there has been the usual buzz about the awards, the Security Bloggers Network and the bloggers meet up. I want to say from the outset that in total all of the blogs/podcasts nominated as finalists belong there.

Of course there are so many blogs and podcasts that inevitably some worthy ones don’t make the list. This year there has been some questioning of how we pick the finalists and questioning of why certain blog/podcasts were left out. I should say that it seems mostly centered in the podcast category.

As a result I have made a write in option available for qualified voters(more on that in a second) to write in their own selection for best podcast. So far I have a received a handful of write in votes. That being said though, I wanted to go over how we pick the finalists and what the Social Security Bloggers Awards are all about.

First of all you should know that this year at RSA Conference we will be hosting the 6th annual Security Bloggers Meet up. You can find out more about it at the RSA Conference blog for Bloggers Meet up, the Bloggers Meet up Facebook page and the Security Bloggers Network.

This is also the 4th year for the Social Security Bloggers Awards. Again you can read more about them on the links above. The idea behind the blogger awards was to recognize some of the leading bloggers in the security arena. When I first came up with the idea I didn’t think people would get that excited about it.

In the first year of the awards we had judges nominate their choices for finalists (as we have every year since), then we let anyone who registered vote. Well it turned out like so many awards run by other organizations, nothing more than a popularity contest with some people trying to stuff the ballot box. That was not the spirit that I envisioned with these awards.

The awards really grew out of the Security Bloggers Network which I started 6 or more years ago. While a blog or podcast does not have to be in the SBN to be considered or win an award, it was in that same sense of fostering a community among the security blogging space.

So going forward I changed the voting for the awards. While our all star panel of judges still picked the finalists, voting was only open to security bloggers. Each voter had to give their blog or podcast URL with their vote for us to verify. In this way it was an award “by the bloggers, for the bloggers”. This of course drastically cut down the amount of votes cast, but made it a peer based award similar to the Screen Actor Guild SAG awards. I thought that was pretty cool.

Each year I try to bring some fresh blood into the judges pool to get new views on what the best blogs and podcasts are. I also refine and add new categories to hopefully better represent the market. But no matter what is done, there are always going to be some people who feel left out.

So for next year I am already thinking of how we can do this differently. I am open to suggestions. But I will reserve the right on behalf of myself and the bloggers meet up organizing committee to choose what we think is the best method. I want to keep the awards free from ballot box stuffing.

In the meantime I want you all to know that I and many others appreciate all of the great content that the security industry turns out in blogs and podcasts. Thanks to all of you for creating and consuming it. Being nominated or even winning an award is not the payback for why we do this, it is educating and joining in the conversation that keeps us doing it. So please keep blogging and podcasting!

Posted at 11:46 AM in awards and PR, podcasting, security bloggers network, Weblogs | Permalink | TrackBack (0)

January 06, 2012

And The Nominees Are . . .

No I am not announcing the choices for the Oscars. Something even better. It is time to announce the nominees for the 2012 Social Security Bloggers Awards. Voting will open today and remain open until January 30th. Of course the winners will be announced live at the 6th annual Security Bloggers Meet up at RSA Conference!

So before we get to our nominees, a word from our sponsors:

Actually a few other things to mention first as well:

1. Our judges - The nominees for the Social Security Blogger Awards are made by our blue ribbon panel of judges. We did not announce their names before hand this year to limit the "lobbying" that they have been subjected to in the past. But now that the nominations are public, they are open to be influenced by food, liquor, baubles or other means. Seriously a huge thank you to our judges:

Kelly Jackson Higgins

Bill Brenner

Larry Walsh

and special guest judge:

Wendy Nather

2. Eligibility - In years past anyone associated with organizing the bloggers meet up was DQ'ed from being nominated. Frankly that was silly. The fact is that Rich, Martin, Jen and Jeanne (my organizing committee fellow members), don't have a lot to do with the awards. So the only one not eligible for any awards is me. It isn't fair to keep good blogs and people down. Also judges could not nominate their own work, but other judges could nominate someone who is judging. So for instance, Wendy Nather was nominated by another judge unbeknownst to her.

3. New Category - This year we are adding a new category for Security Bloggers Hall of Fame. I will be adding this to the Security Bloggers Network Site after RSA. This category is sort of a lifetime achievement award for security bloggers. But it doesn't mean they are on their last leg. This first year we are going to add two bloggers to the Hall of Fame. In future years we will add one new blogger a year.

4. Who can vote - Again, I did not want to go through the ballot box stuffing that we had a few years back. So only security bloggers and podcasters can vote. If you write on security and have a URL to prove it, you can vote. Me and my election commission members will be going through each vote by hand, so please don't even bother trying to game this. Don't ruin a fun event with bad form.

OK with that out of the way, here are the nominations for the 2012 Social Security Bloggers Awards:

Best Corporate Security Blog:

Fortinet Security Blog http://blog.fortinet.com/

Denim Group http://blog.denimgroup.com/

Trend Micro Cloud Security Blog http://cloudsecurity.trendmicro.com/

Veracode Security Blog http://www.veracode.com/blog/

Kaspersky Lab Blog https://www.securelist.com/en/

Sophos Naked Security Blog http://nakedsecurity.sophos.com/

Best Security Podcast:

Threat Post http://threatpost.com/en_us/podcast

The Network Security Podcast http://netsecpodcast.com/

Eurotrash Security Podcast http://www.eurotrashsecurity.eu/index.php/Main_Page

Pauldotcom http://pauldotcom.com/

Exotic Liability http://www.exoticliability.com/

The Southern Fried Security Podcast http://www.southernfriedsecurity.com/

The Most Educational Security Blog:

Cognitive Dissidents http://blog.cognitivedissidents.com/

Tao Security http://taosecurity.blogspot.com/

F-Secure blog http://www.f-secure.com/weblog/

The New School Security Blog http://newschoolsecurity.com/

AppSecInc Blog http://blog.appsecinc.com/

Evil Bytes/John Sawyer http://www.darkreading.com/blog/archives/evil-bytes/index.html

The Most Entertaining Security Blog:

Rational Survivability http://www.rationalsurvivability.com/blog/

Andrew Hay's Blog http://www.andrewhay.ca/

Uncommon Sense Security/Jack Daniel http://blog.uncommonsensesecurity.com/

New School Of Information Security/Adam Shostack http://newschoolsecurity.com/

Naked Security http://nakedsecurity.sophos.com/

Securosis Blog http://securosis.com/blog

The Blog That Best Represents The Security Industry:

Krebs On Security http://krebsonsecurity.com/

Uncommon Sense Security http://blog.uncommonsensesecurity.com/

SANS Internet Storm Center http://isc.sans.org/

Securosis blog https://securosis.com/blog

The Single Best Blog Post or Podcast Of The Year:

Martin McKeay, Curing the Credit Card Cancer http://www.mckeay.net/2011/11/28/curing-the-credit-card-cancer/

Veracode Blog http://www.veracode.com/blog/2011/08/musings-on-custers-last-stand/

Moxie Marlinspike's ThoughtCrime Labs http://blog.thoughtcrime.org/authenticity-is-broken-in-ssl-but-your-app-ha

Idoneous Security http://idoneous-security.blogspot.com/2011/12/what-your-analyst-wishes-you-knew.html

The First Two Members Of The Security Bloggers Hall Of Fame: (please pick 2)

Adam Shostack (Emergent Chaos, New School of Security)

Brian Krebs (Washington Post, Krebs on Security)

Rich Bejtlich, Tao Security

Chris Hoff, Rational Survivability

Graham Cluley, Naked Security

Bruce Schneier, Schneier On Security

OK, there you have it. Your 2012 Nominees for the Social Security Blogger Awards. You can vote if you like, right now by clicking here

Posted at 10:18 AM in awards and PR, Martin McKeay, rich mogull, security bloggers network, the security industry, tradeshows | Permalink | TrackBack (0)

December 15, 2011

Social Security Blogger Awards 2012

Cooperstown, Canton, Springfield, Cleveland, what do all of these places have in common? They all are homes to a Hall of Fame. Now the Security Bloggers Awards will be joining them with Security Bloggers Hall of Fame too!

It is Christmas time, so you know RSA Conference is not far away. If RSA is almost here, you know that is almost time for the annual Security Bloggers Meet up and Social Security Bloggers Awards.

All of the plans have been made, the judges selected and the finalists will be announced after New Years. As in years past all security bloggers are eligible to vote. But you will have to give your name, email and blog address.

Last years categories will return this year:

Best Corporate Security Blog

Best Security podcast

Most educational security blog

Most entertaining security blog

Security Blog that best represents the industry

The single best security blog post of the year

Additionally this year we will elect the first two members of the Security Bloggers Hall of Fame!

I will announce our judges and other information between Christmas and New Years. This year all blogs are eligible except mine and the judges. Also be on the lookout for save the dates going out soon if you are on our list. If you are not on the list, send an email to info@securitybloggersnetwork.com or leave a comment requesting an invite. You must blog on security and no marketing/PR stuff please!

Posted at 10:42 AM in awards and PR, security bloggers network, the security industry, tradeshows, Weblogs | Permalink | TrackBack (0)

December 13, 2011

The Death of Product Reviews

Image via Wikipedia

My friend Bill Brenner has a post up on his Salted Hash blog today about a recent browser security study done by Accuvant LABS. The study shows that Google Chrome was the safest browser tested. Like Bill, I use Chrome too and agree with the Accuvant study.

The problem for Bill is that the study was sponsored by Google, the makers of Chrome. The fact that they paid for this study in Bill’s mind and in many other people’s minds calls the legitimacy of the entire study into question. Even if it is correct, it just doesn’t sit well with Bill.

Frankly I have the same problems with most product reviews, bake offs, analysis reports, etc. I have written about this before as well. In my mind it is a big reason why no one seems to pay attention to product reviews anymore.

It doesn’t make a difference if it is an “independent lab” doing the testing, a magazine’s testing department, industry awards or an analyst firm analyzing the market, the first thing I look at is who is paying for it. Sometimes finding out who is paying for it is not so easy or transparent either.

To be fair, some firms like Securosis for instance will say upfront that some research they are doing is being financed by a paying customer. Such was the case when Mike, Rich and Adrian did a dive on “fact based security security metrics”. The boys said upfront and at the bottom of the page that they thanked Red Seal for sponsoring the research.

Now does that mean that everything they wrote was for the benefit of Red Seal? I know Rich, Mike and Adrian too well to believe that. But it does give me pause when I read the report to remember that fact.

But I will say that over time I have come to soften my attitude on this issue (I must be getting old). For me it is a case of forewarned is forearmed and I take that disclosure in terms of evaluating how much weight to give the research. The same way a juror has to weigh the testimony of a witness depending on their believability.

In the case of Bill’s browser study, same thing. The chances that Google had a heavy hand in the study by Accuvant is pretty low, but it is something to consider. That is just the way it is.

But for Bill and the other doubting Thomas’s out there, what is the alternative?

One alternative is what Rick Moy and the guys at NSS Labs are doing. They have turned this equation on its head. They make their money from the end user, so the vendors being tested have little to no influence.

As Bill says just because Google paid for it doesn’t mean the study is wrong, but it does give you something else to consider. But since no one wants to do these tests or studies for free, someone has to pay and that is the truth of it.

Posted at 03:57 PM in awards and PR, General Background, General Security, marketing, rich mogull, Security Incite | Permalink | TrackBack (0)

January 18, 2011

Don’t Forget To Vote

Just wanted to put out a reminder that there are less than two weeks left for voting in this years Social Security Blogger Awards. You can vote here:http://www.zoomerang.com/Survey/WEB22BQFS9A3BN/.

Remember you must leave a verifiable email address and blog address in order for your vote to count. From what I am told, our votes this year have already exceed the total number of votes last year. But make your choices known.

Here are the finalists:

Best Corporate Security Blog

Veracode ZeroDay Labs (http://www.veracode.com/blog/)
Fortinet - http://blog.fortinet.com/
Symantec Connect (http://www.symantec.com/connect/)
Gunter Ollmann/Damballa Research http://blog.damballa.com/
Arbor Networks http://asert.arbornetworks.com/

Best Security podcast

Pauldotcom http://www.pauldotcom.com/
Southern Fried Security http://www.southernfriedsecurity.com/
CERTS Podcast Series http://www.cert.org/podcast/
The Silver Bullet Security Podcast http://www.cigital.com/silverbullet/

Most educational security blog

Jeremiah Grossman (http://jeremiahgrossman.blogspot.com/)
Chris Hoff – Rational Survivability (http://www.rationalsurvivability.com/blog/)
Jon Oltsik, Enterprise Strategy Group http://www.enterprisestrategygroup.com/category/our-team/analysts/jon-oltsik/
Naked Security/Sophos http://nakedsecurity.sophos.com/
Evil Bytes /John Sawyer http://www.darkreading.com/blog/archives/evil-bytes/index.html

Most entertaining security blog

Naked Security http://nakedsecurity.sophos.com/
View from the Bunker http://viewfromthebunker.com/
Uncommon Sense Security/Jack Daniels http://blog.uncommonsensesecurity.com/
Securosis Blog/Insights/ Mike Rothman http://securosis.com/blog

Security Blog that best represents the industry

Threat Post http://www.threatpost.com
Krebs on Security http://www.krebsonsecurity.com
CSO Online Blog http://blogs.csoonline.com/
Threat Level (Wired) http://blogs.csoonline.com/
Schneier On Security http://www.schneier.com/

The single best security blog post of the year

The Death of Security as We Know It (http://techbuddha.wordpress.com/2010/11/16/2011-the-death-of-security-as-we-know-it-or-operationalizing-security/)
CyberSecurity and National Policy by Dan Geer (http://www.harvardnsj.com/2010/04/cybersecurity-and-national-policy/)
Ralph Langner, Langner Communications series on Stuxnet http://www.langner.com/en/2010/12/09/our-stuxnet-timeline/
“SecurityBSides Turned Me into an Adult” by Michelle Klinger, from her Fear Not the Assessor bloghttp://topheavysecurity.com/2010/12/13/securitybsides-turned-me-into-an-adult/
Brian Krebs (krebsonsecurity) Sept. 30, 2010 “U.S. charges 37 alleged money mules” http://krebsonsecurity.com/2010/09/u-s-charges-37-alleged-money-mules/
“How to Become an Information Security Thought Leader by Chris Eng http://www.xtranormal.com/watch/7897173)

This may be our strongest slate of finalists ever. Every single nominee is a strong contender. I am sure the races will be close, so every vote counts. Don’t wait vote now!

Posted at 10:24 AM in awards and PR, Chris Hoff, General Background, Martin McKeay, rich mogull, security bloggers network, the security industry, tradeshows, Weblogs | Permalink | TrackBack (0)

January 11, 2011

Mike Rothman and Ashimmy on Dell-Secureworks and more

Mike Rothman has been appearing as a guest on my podcast for 5 years or so now. It is always a pleasure to have him on. To kick off the new year Mike weighs in on the Dell-Secureworks deal. Who would have though Mike would have something to say about it? Of course Mike has something to say on just about everything, but it is always fun and interesting.

Besides the Dell deal, Mike and I talk about security incidents and brand damage in reply to an article George Hulme had in Infoweek yesterday. We also touch on RSA Conference coming up in about a month and what Mike and the rest of the Securosis team will be doing there.

One place they will be is at the Security Blogger Meet up where the Social Security Blogger Awards will be handed out. Mike is a nominee for most entertaining security blog for his weekly incites. If you haven’t already voted, head over to this link and vote!

In the meantime enjoy the podcast!

Posted at 12:42 PM in awards and PR, links and appearances, MandA, podcasting, rich mogull, Security Incite | Permalink | TrackBack (0)

January 10, 2011

And the winners are …..

It is that time of year again! Starting today voting is open for the 3rd annual Social Security Blogger Awards. You can vote at http://www.zoomerang.com/Survey/WEB22BQFS9A3BN/. Be warned that you must leave a verifiable email and blog address in order for your vote to count. Of course the winners will be announced at the Security Bloggers Meet up at the RSA Conference next month.

Before I announce the finalists, I want to give a special thanks to our all star panel of celebrity judges:

1. Bill Brenner of CSOOnline

2. Ellen Messmer of Network World

3. Kelly Jackson-Higgins of Dark Reading

4. Larry Walsh of Channelnomics

Without further delay I am very pleased to announce the finalists for the 3rd Annual Social Security Blogger Awards:

Best Corporate Security Blog

Veracode ZeroDay Labs (http://www.veracode.com/blog/)
Fortinet - http://blog.fortinet.com/
Symantec Connect (http://www.symantec.com/connect/)
Gunter Ollmann/Damballa Research http://blog.damballa.com/
Arbor Networks http://asert.arbornetworks.com/

Best Security podcast

Pauldotcom http://www.pauldotcom.com/
Southern Fried Security http://www.southernfriedsecurity.com/
CERTS Podcast Series http://www.cert.org/podcast/
The Silver Bullet Security Podcast http://www.cigital.com/silverbullet/

Most educational security blog

Jeremiah Grossman (http://jeremiahgrossman.blogspot.com/)
Chris Hoff – Rational Survivability (http://www.rationalsurvivability.com/blog/)
Jon Oltsik, Enterprise Strategy Group http://www.enterprisestrategygroup.com/category/our-team/analysts/jon-oltsik/
Naked Security/Sophos http://nakedsecurity.sophos.com/
Evil Bytes /John Sawyer http://www.darkreading.com/blog/archives/evil-bytes/index.html

Most entertaining security blog

Naked Security http://nakedsecurity.sophos.com/
View from the Bunker http://viewfromthebunker.com/
Uncommon Sense Security/Jack Daniels http://blog.uncommonsensesecurity.com/
Securosis Blog/Insights/ Mike Rothman http://securosis.com/blog

Security Blog that best represents the industry

Threat Post http://www.threatpost.com
Krebs on Security http://www.krebsonsecurity.com
CSO Online Blog http://blogs.csoonline.com/
Threat Level (Wired) http://blogs.csoonline.com/
Schneier On Security http://www.schneier.com/

The single best security blog post of the year

The Death of Security as We Know It (http://techbuddha.wordpress.com/2010/11/16/2011-the-death-of-security-as-we-know-it-or-operationalizing-security/)
CyberSecurity and National Policy by Dan Geer (http://www.harvardnsj.com/2010/04/cybersecurity-and-national-policy/)
Ralph Langner, Langner Communications series on Stuxnet http://www.langner.com/en/2010/12/09/our-stuxnet-timeline/
“SecurityBSides Turned Me into an Adult” by Michelle Klinger, from her Fear Not the Assessor blog http://topheavysecurity.com/2010/12/13/securitybsides-turned-me-into-an-adult/
Brian Krebs (krebsonsecurity) Sept. 30, 2010 “U.S. charges 37 alleged money mules” http://krebsonsecurity.com/2010/09/u-s-charges-37-alleged-money-mules/
“How to Become an Information Security Thought Leader by Chris Eng http://www.xtranormal.com/watch/7897173)

Every single one of these blogs is already a winner having been selected by our blue ribbon panel of judges. Voting closes at the end of the month, so please don’t wait to vote!

Posted at 12:34 PM in amrit williams, awards and PR, Chris Hoff, Current Affairs, General Background, General Security, podcasting, security bloggers network, Security Incite, the security industry, tradeshows, Weblogs | Permalink | TrackBack (0)

May 20, 2010

Are Press Releases Worse Than Useless?

Well it looks like Rich’s article and mine have reinvigorated some of the security bloggers out there. At least for the time being anyway. One of my favorites (and by his own admission one of the ~~oldest~~, I mean longest blogging) Martin McKeay has been blogging up a storm.

Martin blogged today about press releases. Like Martin I receive a decent amount of press releases every day too. I assume it has to do with writing in Network World. Also like Martin I usually take a quick look and hit the delete button on most press releases.

Today Martin posted what he considered a press release that may be of interest to the security community, but not interesting enough for him to blog. His rational is some of the “professional blogs” he reads write a line or two and then post the press release as post.

First of all Martin, what makes you think your not writing a professional blog? I think yours is probably better than many of the so called pros (what is a professional blog anyway?) Secondly, are press releases even relevant? With today’s social media at their disposal, it just seems like such a 1995 way of getting the word out. Maybe if I was looking for a newspaper or something to publish it, I would send out my press release. Lastly, there are already enough places that republish (or regurgitate) these releases without giving them valuable real estate on your own blog, especially if they are not worthy of you blogging on it.

I don’t know but when I see these press releases being distributed to the press list, I feel like some PR company is just going through the motions. I would rather get a power point or something else to sink my teeth into.

Let me be clear, I am not advocating to stop putting out press releases. But the blind distribution list just screams old school to me. There has to be a better way to influence the influencers and get your story out.

So Martin I would use the space on your blog to blog, not regurgitate someone else’s press release. Otherwise you are no better than some of those “professional blogs” you read.

Posted at 08:33 PM in awards and PR, Martin McKeay, security bloggers network, Weblogs | Permalink | TrackBack (0)

March 04, 2010

They're all winners, the Social Security Blogger Awards

Last nights 4th annual Security Bloggers Meetup was perhaps the best yet. There was a real feeling of community from so many of us who communicate all year, but only see other at RSA or a few other shows. My fellow organizing committee members: Jennifer Leggio, Sonya Caprio, Rich Mogul and Martin McKeay have gotten putting together this event down to a science. But there is one other committee member that tends to stay in the background, without whom none of this would be possible. Jeanne Friedman of the RSA Conference is a key person in not only the Security Bloggers Meetup, but in so much of what we all experience at RSA every year. Besides always being there to sponsor our event, Jeanne just does so much more.

I am going to be announcing the winners of our Social Security Blogger awards a little later in this post. But I am really lucky to be associated with such great people who make this event what it is every year. They are the real winners! Thanks so much to all them, especially Jeanne!

Now onto the show. This years Social Security Blogger Awards was very close to the original idea I had with it two years ago. Not to be too self-aggrandizing, but recognize some of the incredible talent that blogs and podcasts on security. The lists of finalists as picked by our blue ribbon panel of judges was incredible. Any one of the nominated blogs and podcasts would have been a worthy winner.

Our own community picked the eventual winners though. So just one more time before declaring the blogs and podcast picked, let me say again. Every blog and podcast picked was a winner. Congratulations on making the finals and keep blogging and podcasting!

The winners of the Social Security Bloggers Awards:

Best Technical Security Blog - The SANS Internet Storm Center Blog

Best Non-technical Security Blog - Krebs on Security by Brian Krebs

Best Podcast - Pauldotcom

Best Corporate Blog - Jeremiah Grossman, White Hat Security

Most Entertaining Security Blog - Rational Survivability by Chris Hoff

Congrats to all of you. The entire security community benefits from your commentary and thought leadership!

I want to give a special thank you to Bill Brenner, MIke Fratto, Kelly Jackson-Higgins and Larry Walsh for serving as judges. Also a huge thank you to Kevin Riggins, of infosecramblings and Joe Franscella of Trainor Communications for all of the help in serving on the awards committee.

We will start planning next years meet up and awards shortly. Would love to hear your ideas on what we can do to make it even better!

Envelope please, and the winners are . . . (ashimmy.com)
Vote for the Social Security Blogger Awards (ashimmy.com)

Posted at 09:26 AM in awards and PR, security bloggers network | Permalink | TrackBack (0)

February 10, 2010

Vote for the Social Security Blogger Awards

It is time to vote for the winners of the 2010 Social Security Bloggers Awards! In my last post I announced the finalists as selected by our blue ribbon panel of judges. In just a few short weeks the security world will be gathering in San Francisco for this years RSA conference. At the annual security bloggers meet up we will announce who has been chosen by their peers as the best of the best in security blogging and podcasting.

As I have said before the voting for the actual winners will be done by members of the Security Bloggers Network. An email with instructions has already gone out to many members of the SBN. But we don't have a master list of all the authors of the blogs in the SBN. So if you are an SBN member you can go to http://www.zoomerang.com/Survey/?p=WEB22A8BWJVVAE and vote. Just a caution. It is one vote per member blog. In order for your vote to count, you are going to have to put in your name, email and blog URL. The results will be checked by hand, so don't even bother trying to game the system.

If you are a security blogger, but have not yet joined the SBN you can still vote and become an SBN member at the same time. Go to the above link, vote for your winners and be sure to put your blog URL and email in. We will verify your blog before accepting your vote and add it to the SBN blog roll at the same time.

So be sure to vote and good luck to the finalists!

Best Technical Security Blog

SANS Internet Storm Center

Evil Bytes by John Sawyer

Praetorian Prefect

Darknet.org

Frequency X ISS blog

Best Non-Technical Security Blog

Security Uncorked

Schneier on Security

Krebs on Security

ThreatPost