Monday, November 5, 2012

My Podcast with (Security Horror Stories)

As we prepared for Halloween last week, I sat down with Alan Shimel ( and Nimmy Reichenberg ( to share some of the scary things we've all seen or heard about in our time in information security. Here's the podcast recording which is also available on Network World at



Contributions Towards nCircle's “Security Tips, Tricks & Bits” eBook

I was recently asked to contribute towards nCircle’s security eBook entitled “Security Tips, Tricks & Bits”.  You can view the entire eBook at the following link as a PDF: eBook.

Also, you can look at the below press release with some of the other folks that contributed towards the eBook here: Other Folks
If you haven’t already taken a look at what nCircle has to offer, I’d take highly recommend you give them a gander. They have a solid offering in the vulnerability management and metric sector.

Friday, November 2, 2012

Hacking in a Hurricane

It occurred to me on Monday night, as I was sitting in the dark unplugged from the Matrix due to Hurricane Sandy, that attackers could take major advantage of weather related situations like hurricanes, earthquakes, etc for their own devious means. No, I'm not talking about Cobra Commander and his Weather Dominator, but it's a close second.

With the majority of NY and NJ without power attackers could have taken this time to launch attacks towards unprepared victims. At a time when companies in this area are most likely failing over their systems to other locations, and IT support is either out of power or are being overwhelmed with other duties, an attack could go unnoticed. Talk about adding insult to injury!!

Security monitoring needs to be considered as a major part of your business continuity program. We need to have people and resources in place to make changes and monitor your environment during and after a major catastrophe. Don't get me wrong, it sucks without power, but we need to make provisions to keep our guard up during these hard times.

We need to start thinking like criminals and understand that they're very opportunistic in nature and if they can make some money quickly, without being seen, they're going to do it. It's similar to criminals launching DDoS attacks as a diversion to even more malevolent activity behind the scenes.

This being said, my heart goes out to all those who were effected by this horrible storm. We need to have our priorities in place and keeping our families, friends and neighbors safe is on the top of the list. There is nothing more important than that, but we should have policy/procedure in place to continue our security posture during and after a catastrophe so we can focus all our energy towards what really matters.

Front Line Sentinel Nominated as Top National Security Resource

I was informed earlier in the week that “Front Line Sentinel” was named a Top National Security Resource on the subject of Cybersecurity by the site You can review the full list here.

It’s with much humility that I join others who have not only been doing this for quite some time, but doing it much better than I ever could.  The goal in starting this blog was always awareness (as well as ranting) on cybersecurity and I’m still slightly amazed when I realize people actually read it.

Thanks again everyone!!