Security.Exe powered by The CISO Group with Alan Shimel
Give it a listen!
APT: the security threat we love to hate
December 03, 2013 10:39 AM PST
In this episode I am once again joined by my co-host, Mitchell Ashley, and our guest is Michael Sutton, VP of security research at Zscaler. The topic is APT: Advanced Persistent Threat, the security threat everyone loves to hate.
Some APTs are the work of nation-state entities for strategic goals, others are financial in motivation. But they are seldom random. Michael tells what Zscaler is doing to combat APTs. Mitchell and I have our own views on this whole class of attack and it makes for a good listen.
Enjoy!
Mitchell and Alan Together Again Discuss AWS and other things
November 20, 2013 10:54 AM PST
Sort of like Dean and Jerry getting back together, Mitchell Ashley and I are podcasting together again! It was like old times with Mitchell as we settled in to speak about what he has been up to over the last few years. We discuss the recent AWS re:Invent conference, the cloud, IT, DevOps, etc.
We only take this out for a 20 minute spin so it is a quick listen. Hope you find it as interesting and fun as we did. We will be hosting another episode next week with a special guest as we discuss APT.
Here are links to some of the stuff Mitchell and I discussed:
AWS reference architectures.
July 18, 2013 04:49 AM PDT
The University of Idaho was fined over 400k by the Department of HHS recently for a breach that involved a clinic operated by the university turning their firewall off for 10 months. That seems pretty obvious to security folks, but goes to show that HIPAA fines are real.
I am joined in this podcast by Steve Spearman of Health Security Solutions, Billy Austin of iScan Online and Tim Woods of Firemon as we talk about what you can do to keep your firewalls up, secure your endpoints, find ePHI and avoid being the next big HIPAA story.
Enjoy!
When HIPAA Is Too Hard For Health Care, Outsource It!
May 14, 2013 08:25 AM PDT
HIPAA, HITECH and other regulatory compliance mandates have given many a health care professional headaches. It is hard enough practicing health care, dealing with complex insurance regulations and running a business. Making sure you comply with the latest patient confidentiality and security laws is frankly beyond many health care providers. Who are they going to call?
That is where Steve Spearman and his company Health Security Solutions come in. Steve's company has become the HIPAA experts for health care providers throughout the country.
I had a chance to speak with Steve and find out how he makes these complex regulatory compliance issues doable for the doctors.
Have a listen and you can learn too!
In Security Response Does Not Trump Prevention
May 02, 2013 05:15 AM PDT
This episode of the Open Network is with Jason Brvenik, VP of Security Strategy at Sourcefire. Jason and I speak about the recent trend in security that acknowledges that successful attacks happen and we need to put resources into response, potentially at the expense of resources dedicated to prevention. Which is more important?
Jason's expertise in security gives us great insight into this question as well as some great advice for what you need to do in putting your security strategy in place.
Enjoy!
The Real Cost of Security with Wendy Nather of 451 Research
April 04, 2013 07:15 AM PDT
One of my favorite people in the security industry is my friend Wendy Nather, Director of Security Research for 451 Research. Wendy has a new report coming out on the "real cost of security". This is somewhat of a follow-up to her earlier "security below the poverty line" report. Wendy likes to look at what type of security CISOs think they need and what it actually costs.
It is always educational and fun to hear what Wendy has to say. Enjoy!
Trustworthy Computing Sponsors the Security Bloggers Network
March 01, 2013 08:45 PM PST
I am very pleased to report that once again the good folks over at Microsoft's Trustworthy Computing Group have agreed to sponsor the Security Bloggers Network. The SBN has a long history of working with TWC and we are happy to work with them again.
Microsoft is holding their second annual Security Development Conference in San Francisco, May 14-15, 2013. The conference will feature Scott Charney, Corporate VP Trustworthy Computing, Microsoft; Edna M Conway, Chief Security Strategist Global Supply Chain, Cisco Systems; Brad Arkin, Senior Director of Security, Adobe Secure Software Engineering Team (ASSET).
Conference specialty tracks target three different types of professionals: Engineers, Project Management, and Leadership. Combining keynotes from thought leaders as well as specialized breakout sessions, this conference is a can’t-miss for security professionals at any level. You can register now!
I had a chance to chat with director of TWC Tim Raines. We were going to talk about the conference, but Tim and I started talking about the TWC, the world of security and what the challenges on the horizon are. By the time we were done, we never got to the conference, LOL!
Anyway, I think you will find the conversation very interesting. Enjoy and, if you can, go to the conference.
Alert Logic Partner Pavilion at RSA 2013 - Urvish Vashi
February 22, 2013 05:51 PM PST
This third in a series of podcasts about RSA 2013 and the Alert Logic partner pavilion is with Urvish Vashi, VP of marketing at Alert Logic.
Urvish gives us the behind the scenes thinking on why Alert Logic thought it was important that they exhibit with some of their leading partners at RSA this year. He also tells us that it was not difficult to convince these partners that exhibiting at RSA was good for them. In fact it was somewhat of a no brainer for them.
I have known Urvish for many years and he is a sharp thinker who understands the market and the technology. This is a short conversation and well worth the time to listen in.
Alert Logic Partner Pavilion at RSA 2013 - Navisite
February 22, 2013 05:46 PM PST
RSA Conference is where the world gathers around information security. This year in addition to their own exhibit, Alert Logic is also hosting a partner pavilion where 5 of the leading hosting and cloud providers in the world will be exhibiting as well.
I had a chance to speak with Chris Patterson, VP of Product Management at Navisite, one of the Alert Logic Partners exhibiting.
Chris is one of the driving forces behind the Navi cloud. He also has some great insight into the state of cloud security and what market drivers are influencing the direction of future innovation.
Chris shares some great insight into Navisite's offerings including not just cloud, but security, managed desktop and the state of the market.
It is a great conversation and worth the listen!
Sunguard Availability Services at Alert Logic's Partner Pavilion, RSA 2013
February 21, 2013 09:19 AM PST
RSA Conference is THE information security event of the year. My friends at Alert Logic in addition to exhibiting themselves have set up a partners pavilion this year. The pavilion features some of the leading cloud and hosting providers in the world.
I had a chance to catch up with a representative from one of these partners, Sunguard Availability Services in this episode of Security.exe. Cara Camping, Product Manager, Managed Security Services for Sunguard AS is my guest. Cara talks about Sunguard's approach to security in depth, why they partner with Alert Logic and what they expect from exhibiting at RSA Conference.
Below are two slides that give some detail to what Cara is talking about:
Have a listen and learn about Sunguard managed security.
IBM's Ed Abrams on Midmarket Trends in 2012
January 16, 2013 10:14 AM PST
IBM's VP of marketing and strategy for SMB, Ed Abrams is my guest on this episode of the Open Network. Ed discusses the findings in the 2012 IBM Trends Report. The trends pointing to the future for the midmarket are very dramatic.
First it seems that security is no longer an inhibitor to cloud adoption for the midmarket and SMB. This segment is moving to the cloud in a big way. Ed says that this is being done with the help of MSPs. This trend will accelerate in the months to come.
Based on the findings in this report IBM is moving a lot of attention to this market. If you are servicing the SMB and midmarket, perhaps you should too!
A look back and ahead in Backup
January 10, 2013 09:27 PM PST
Over the last month I have sat down with several of my friends in various tech sectors to discuss the happenings of the past year and what may lie ahead in the coming year. In this episode I speak with my friend David Wartell, VP of server backup at Idera.
David is a longtime player in the world of backup and his insights into where the market is going are well worth hearing. Factors like the cloud, backup as a service and virtualization have turned this market upside down. This will create opportunities for new leaders to emerge.
Who will be the winners and what will make them so? Listen to what David has to say to find out.
Eucalyptus Sees a Bright Future for Hybrid Cloud
November 27, 2012 07:21 AM PST
I had a chance to speak with Dr. Rich Wolski, CTO of Eucalyptus Systems. Eucalyptus open source cloud management software makes it possible to have AWS compatible private clouds and hybrid clouds. They have been getting a lot of traction lately in the very competitive open source cloud space.
I spoke with Dr. Wolski about Eucalyptus, the state of the cloud and whether we could see in the future a Eucalyptus that works with OpenStack. His answer may surprise you.
Rich Wolski is one of the pioneers of cloud computing and always a great interview. Enjoy!
AppDirect Builds a Cloud/Mobile App Ecosystem
November 16, 2012 09:53 AM PST
Building new app marketplaces is the business of AppDirect. They are allowing companies to create instant app marketplaces for their customers. Actually there is an entire ecosystem to these app marketplaces though. From the app developers themselves who want their apps in these marketplaces, to the companies wanting to offer the marketplaces, this is a far reaching ecosystem.
November 05, 2012 06:50 PM PST
Nothing like a disaster to show you how important it is to plan for one. With the super storm Sandy wreaking havoc in the Northeast, many an organization is realizing that their disaster recovery plan was either out of date or even worse non-existent. Of course the lesson is a painful and costly one, but perhaps it will help others to better plan in the future.
I had a chance to speak with Rachel Dines, senior analyst at Forrester for disaster recovery and business continuity. Rachel recently published the latest in a line of analysis recommending that companies need to update their planning from Disaster Recovery to Technology Resiliency.
Have a listen to our conversation and right after head over to http://forr.com/BTRfree as Forrester has lowered their paywall and made a whole set of reports on DR available for free during the month of November. Don't miss this!
Halloween IT Horror Stories
October 31, 2012 10:06 AM PDT
In the spirit of Halloween, here are some IT Horror stories courtesy of Nimmy Reichenberg of Algosec and Matthew Pascucci, security researcher and analyst.
Listen in to these horror stories of what can happen if you don't follow best practices!
Happy Halloween!
MetaCloud makes Managed Private Cloud as a Service Real
October 18, 2012 08:17 AM PDT
Recently emerged from stealth, Metacloud is bringing Managed Private Cloud-as-a-Service to you. Based on OpenStack, the managed cloud service can be run on your own equipment from any data center or location you desire.
The folks behind the MetaCloud team have managed some of the largest cloud instances in the world and have the experience and expertise to manage yours.
Listen in as I speak with co-founders Steve Curry and Sean Lynch as they explain why even Jerry Yang, co-founder of Yahoo, invested in their idea of a managed cloud future.
Taking Responsibility For Your Security
September 27, 2012 10:10 AM PDT
In the current political climate a big theme is taking personal responsibility rather than relying on the government. In security, responsibility has always been a big thing. Who is responsible for securing an organization's digital assets and ensuring network performance and integrity?
The recent case of PACTCO v Peoples United Bank has called the whole question of security responsibility into question. Should a bank be liable if a commercial customer was tricked into giving up its online banking credentials? How can a bank know when it is actually the customer versus someone who has stolen their login? When is the customer liable for their own negligence?
My friend Jody Brazil, President of Firemon, wrote a good blog article on this. I had a chance to sit down with Jody and discuss it on this episode of the Open Network.
CloudAccess.net Joomla PaaS and More
September 12, 2012 08:10 AM PDT
Gary Brooks started CloudAccess.net when he realized that the Joomla community needed a better solution to host demo sites that people were setting up to check out Joomla. He now hosts up to 20,000 new demo sites a month and a good portion of them become permanent.
Over the years Gary has added other services to his Platform-as-a-Service offering at CloudAccess.net, including data back up and DR.
I had a chance to sit down with Gary and talk about his success in building a company around an open source project and what he sees as new exciting trends in the market.
Aerospike Wants To Rocket To The Top Of NoSQL
September 03, 2012 10:39 PM PDT
Aerospike, the former Citrusleaf, has announced a new round of funding, the acquisition of Alchemy DB and a bold new agenda to "rocket" to the top of the NoSQL Big Data market.
I sat down with Srini V. Srinivasan, Founder & VP Engineering & Operations, and Don Haderle, who is known as the “Father of DB2” and a technology advisor to Aerospike.
Have a listen to how they see the market and how they aim to become a leader in it.
Are Firewalls Dead?
July 17, 2012 03:56 PM PDT
Roger Grimes put forth that very idea a while back in his InfoWorld column. Roger admittedly was making a provocative statement, but he has some strong feelings on the subject.
Roger feels that the threats today have outgrown simple firewalls. Most attacks are web based using port 80 and easily bypass firewalls. The age of buffer overflows is past and so should be the age of firewalls.
Next Gen Firewalls you ask? Don't bother. Roger says while they have been great at marketing them, no one is actually using them.
Obviously there are some people who disagree. Joining Roger and me on the panel today are Jody Brazil, President of Firemon, and Andrew Braunberg, a well known security analyst.
Listen in as Roger, Jody, Andrew and I discuss the future of firewalls and what role they will play.
Enjoy!
A Year Open Source
July 16, 2012 08:17 AM PDT
Could you go for a full year living open source? Not just software or even hardware, but open source everything? A Berlin man, Sam Muirhead, is going to try and do just that. From the clothes he wears to the food he eats, to designs of tools he uses, Sam is going to try and do it all with open source.
I had a chance to speak with Sam before he embarks on his year of open source, August 1.
Enjoy!
Allgress Opens A New Window in Security and Risk Management
June 26, 2012 11:46 AM PDT
Join Dave Cullinane, former CISO of eBay, Skype and PayPal, as we discuss Allgress with Jeff Bennett, its President and COO. Allgress just launched from stealth mode where it has been working with CISOs such as Dave in bringing a more efficient and meaningful view into risk management and GRC.
Whether you are using Allgress to supplement your existing GRC solution or as your sole GRC solution, Allgress has been built and tested by and for leading CISOs like Dave Cullinane.
It is a great interview with some great insights from a real security luminary like Dave and great insight into an exciting new security company, Allgress!
Here are Dave's and Jeff's backgrounds:
Dave is a founding member and chairman of the board of the Cloud Security Alliance (CSA). He is the past president and chairman of the IT-ISAC, an organization dedicated to sharing security related information across companies in the IT industry. He served as a member of the IT Sector Coordinating Council and the National Council of ISACs. He is an ISSA Fellow, and was recently elected to the ISSA Hall of Fame. He serves on ASIS International's CSO Roundtable Committee and is on the Editorial Advisory Board of CSO Magazine and SC Magazine. He was awarded SC Magazine’s Global Award as Chief Security Officer of the Year for 2005 and CSO Magazine’s 2006 Compass Award as a “Visionary Leader of the Security Profession.” In 2012 he was awarded SecureWorld’s first Lifetime Achievement Award for his outstanding contributions to the advancement of the information security community.
Jeff Bennett, Founder, President and Chief Operating Officer
June 01, 2012 07:28 AM PDT
With all of the talk around cloud and mobile, the real killer app for security may very well be identity and access control. There are some great open source solutions around access control, but at the enterprise level more functionality and scale are needed.
Fox Technologies has developed that kind of application. I had a chance to sit down and talk with Fox Technologies CEO Subhash Tantry about how Fox is helping companies with both their security and compliance needs.
If you are not familiar with Fox Technologies and access control solutions, you should really have a listen.
Enjoy!
SQL and the Cloud: Is there a wrong or right?
May 10, 2012 11:39 AM PDT
The perfect storm of the cloud, big data and mobile has created the environment where we are seeing more choice and more opportunity in the database market than we have seen in a long time.
In today's podcast I am joined by executives of 3 different database companies.
James Phillips, co-founder of Couchbase, a leading NoSQL company,
The four of us discuss how to choose the best database for your cloud applications. It may be that you need more than one. We also discuss the current state of the market and best practices in database design and management today. We also talk about what may be ahead in the DB market.
All in all a great discussion on cloud databases!
Enjoy!
Dave Jilk, CEO of Standing Cloud on Cloud Orchestration Layers
April 20, 2012 11:04 AM PDT
Dave Jilk of Standing Cloud is my guest this week. We discuss what Dave calls the "cloud orchestration" layer. This is what allows apps and developers to talk to cloud infrastructures and allows one cloud to talk to another (at some level anyway).
Dave and the folks at Standing Cloud have been playing in this area almost since the beginning.
Enjoy!
CompTIA Sponsors SBN and Offers New CASP Certification
April 03, 2012 10:20 PM PDT
CompTIA Advanced Security Practitioner (CASP) is the newest certification from CompTIA, which has been offering technical certifications just about longer than anyone.
To let people know about this new certification program and the rest of their excellent courses and certification, CompTIA is partnering with the Security Bloggers Network and has signed on as a sponsor. We thank CompTIA for the support!
I had a chance to speak with Rick Bauer, director of research and development at CompTIA. We spoke about CompTIA, the different certifications they offer and the whole technical certification space.
Enjoy!
Apps for Security: Open Source meets Crowd Sourcing
March 13, 2012 08:57 AM PDT
Today we speak with Hart Rossman, CTO for Cyber Security at SAIC and the founder and visionary behind Apps for Security. Apps for Security allows developers and designers to come together in a collaborative setting to work on open source and open APIs to develop better security.
Sponsored by SAIC and The Security Innovation Network, the first Apps for Security day will be Thursday, March 22, 2012, 10am-6pm, at The Computer History Museum, Mountain View, CA. You can find out more and register by visiting: http://www.security-innovation.org/apps4sec.htm
If things go well there are already plans to hold more innovation days for Apps for Security all over the country.
NoSQL Security - What is the real story?
January 25, 2012 05:52 AM PST
The NoSQL market has grown at a torrid pace over the last few years. Like many red hot tech sectors the leaders are so busy running at full speed ahead, no one has time to stop and smell the flowers. Capturing customers and market share in order to seize market leadership, and responding to customers' requests to close the sale, is paramount.
Usually it is only later that additional features get layered in. Of course we in the security industry have seen all too often when security is one of these afterthoughts that gets layered in after the fact. Usually when it is too late and some bad things have already happened.
In the NoSQL space the debate about security has already begun. There have been several articles about whether or not NoSQL is in fact secure enough for its mission.
Against this backdrop I have a great panel for today's Open Network podcast. From the NoSQL space, Dwight Merriman, CEO and founder of 10Gen, makers of MongoDB and James Phillips, founder of Couchbase. From the security space we have none other than Rich Mogull and Adrian Lane of Securosis.
It was a great discussion, but some of the frustration of the security industry about not making security a higher priority came to the surface. Dwight and James did a great job explaining how they are running as fast as they can to keep up, but the customer is king.
This is a longer podcast running about 40 minutes. But I think it is well worth your time. Enjoy!
Pen Testing, Vulnerabilities and Risk Management
January 23, 2012 08:24 AM PST
Continuing my series on Risk, I am very lucky to have another great panel on this episode of the Security.Exe podcast. I am joined by HD Moore, founder of Metasploit and CSO of Rapid7, Ron Gula, CEO and CTO of Tenable Network Security and last but not least, once again, Jody Brazil, founder and President of Firemon.
Ron, HD, Jody and I discuss Risk, CVSS, pen testing as part of a risk management strategy and what are some of the biggest issues around risk management today.
It is always great to have intelligent people to discuss the issues with and this panel is top notch!
Hope you enjoy.
MapR's John Schroeder talks Hadoop and Big Data for 2012
January 20, 2012 05:45 AM PST
This episode of the Open Network is with John Schroeder, founder and CEO of MapR, which distributes a high powered version of Hadoop. Hadoop and Big Data are red hot and getting hotter. What does 2012 have in store for them? What about whispers around the security of Big Data? With so many players, consolidation is bound to happen.
Listen in to this 15 or so minute conversation and hear what John, a pioneer in the Hadoop industry, has to say!
Risk, Risk, Risk!
December 19, 2011 09:00 AM PST
In order to manage risk correctly we have to be able to measure it. In order to measure risk correctly, we need to be able to define it. Even something as elementary as defining risk can create questions and ambiguities. So where do we begin and how do we figure this out?
I am joined by a great cast to discuss these questions and more on this episode of Security.Exe. Alex Hutton, formerly of Verizon and now with a top 25 financial institution joins me, along with Ben Tomhave (@Falconsview) and Jody Brazil of Firemon.
We spend just over a half hour defining risk, talking about ways to measure and manage it and what you can do.
I am always invigorated when I listen to smart people discuss a subject I am interested in. I was very invigorated and excited being part of this podcast.
Enjoy!
The Open Network: Blazemeter brings SaaS-based Load and Performance Testing
December 06, 2011 10:57 AM PST
Blazemeter announced today that they have closed on a 1.2 million dollar series "A" round of financing to bring the first enterprise class SaaS based load and performance testing to market.
Using the cloud and based on the popular Apache Jmeter project, Blazemeter will make life much easier for testing and QA teams.
Alon Girmonsky, CEO and founder of Blazemeter says, “In the same way that AWS introduced EC2 based on XEN and Heroku created a cloud focused on Ruby, BlazeMeter has created a cloud that focuses on load testing and is 100% compatible with the open-source JMeter. We’re using the cloud to answer the need for a powerful, inexpensive, do-it-yourself load testing solution.”
I had a chance to sit down with Alon and discuss Blazemeter, SaaS, the cloud and open source.
Enjoy!
Have We Got Risk All Wrong? Risk Analyzer From Firemon
December 01, 2011 07:05 AM PST
Most of us in the information security industry long ago recognized that we could not eliminate every risk and threat to our data and networks. Instead we have tried to manage that risk to acceptable levels, with acceptable being in the eye of the beholder. An entire information security risk management industry has sprung up over this time. But, have we missed the boat on risk? Has the risk management space been hijacked by the vulnerability management crowd?
We have settled on a formula for risk being:
Risk (R) = Threat (T) x Vulnerability (V)
But is that the correct formula to use? Are there other factors that need to be considered?
I am joined on this podcast by Jody Brazil, President of Firemon and Gary Fish, CEO of Firemon to discuss these questions in light of Firemon's new Risk Analyzer product.
Risk Analyzer offers a new way to look at risk, using risk based scenarios. Introducing concepts such as reachability, exposure and asset value into the equation gives us a better measure of risk. Risk Analyzer also gives us another way of prioritizing different risks to make us more efficient.
As many of you know, I have been working with Firemon for a few months and have watched Risk Analyzer develop. I am very excited by what it offers and I think you will be too.
Have a listen as I discuss this with Jody and Gary.
Also be advised that there was a clicking in the recording (which we obviously didn't know about). I have done my best using my not very considerable sound engineering skills to remove them. It is still there, but it is the best I can do and I thought the quality of the conversation was much more important than the quality of the sound.
Enjoy!
Simon Crosby: Virtualization Is A Great Opportunity For Security
November 15, 2011 12:00 PM PST
Security by the cloud for the cloud and via the cloud is an idea whose time has come. Simon Crosby, CTO of cloud security start up Bromium thinks so anyway. Of course Crosby knows something about cloud, virtualization and security. His previous stints include being CTO of Xen and Citrix's virtualization divisions.
Simon was one of the first people talking about cloud security and has been a leader in the space ever since. He says that virtualization and the isolation features which are part of it, give us a chance to do security better than ever before. This is why security in the cloud represents a chance to do security better.
Listen in as Simon talks to me about virtualization, security, the cloud and open source.
This will be posted on Network World as well, but Secure Cloud Review listeners are getting this early peek.
Rackspace Cloud Builders Bringing OpenStack To A Cloud Near You
November 11, 2011 06:38 AM PST
This week I wrote about CM-aaS (cloud management as a service). I was talking about the private cloud edition of OpenStack offered by Rackspace Cloud Builders. Find out more about this from the GM and de facto CTO of Cloud Builders.
Metrics and Security - What Should You Focus On?
October 28, 2011 07:55 AM PDT
Metrics in security have been a hotly debated topic for some time. But in this episode our panel takes another look. I am joined by Raf Los of HP, Elizabeth Martin of Red Legg, Eric Irvin of Alert Logic and Will Gragido of TippingPoint/HP to discuss what metrics make sense.
Of course we could probably talk all day and night and not come to a definitive conclusion. But it is a fun and informative 30 minutes with some really bright people.
Enjoy!
Security Below the Poverty Line with Wendy Nather of The 451 Group
October 17, 2011 08:54 AM PDT
Having been in the infosec world for more than 10 years, I have learned the hard way that there are some real issues around effective security for everyone. One of them is that security is hard and seems to be getting harder. As a result security is also very expensive. So expensive that only the largest of organizations who put a high value on securing their assets can afford it. In fact some studies show that large organizations spend an average of about 3.5 million dollars a year on security. Frankly, even that is not enough given the current state of cybersecurity. But even assuming that number is adequate, who has 3.5 million to spend today?
The fact is that most organizations live "below the security poverty line". One of my friends in the infosec world and someone who many follow is Wendy Nather, director of research for enterprise security at the 451 Group. Wendy has real world experience as a CISO at both private and public organizations. She is extremely bright and dialed into the infosec scene. She wrote a report titled "Security Below the Poverty Line". Wendy's research shows that most organizations don't have anywhere near the resources required to do security right.
I actually wrote a follow-on to Wendy's report on Secure Cloud Review (another place I blog) titled, "Brother Can You Spare A Dime: Life Below The Security Poverty Line". In it I detailed that like the real poor today, security poor organizations may make do on a "high carb" diet of security that lacks "protein". By that I mean they have minimal security that gets them "fat" but doesn't really do the job. Anyone who is working in security recognizes this as a real problem we all face.
I wanted to speak to Wendy about what role open source security can play to raise organizations above the security poverty line. The open source security community has always been an innovative and dynamic one. In just about every security area there is a viable open source project. So could open source be the secret weapon in the war on security poverty?
Wendy and I discuss just this and what her research shows. You can listen to our 15 minute discussion below. But let me give you some insight even if you don't listen to the podcast. The costs of security are not only the hardware and software of the security products. The human costs of security are equally expensive. Even deploying open source security projects will take experienced, qualified security know-how. That costs money, more money than many organizations can afford. So open source in and of itself is not going to be a panacea here.
You can learn more listening to the podcast or visit my blog on Network World and read the full interview article.
Open Source Security Pioneer Sourcefire Goes Agile
September 12, 2011 07:06 AM PDT
Martin Roesch and the company he founded, Sourcefire are almost legendary in open source security circles. Roesch is the creator of Snort, the open source intrusion detection/prevention system that became the de facto standard for the entire category. Sourcefire is the company that Roesch formed to both commercialize and continue Snort as an open source project.
Now Sourcefire is launching an entirely new approach to today's complex security challenges. They call it Agile Security. With Agile Security, Sourcefire says the challenge is to move beyond static security. They have outlined a process to Agile Security which goes like this:
1. See. Traditional security solutions are mostly blind to their environment and the threats they face. An agile approach provides clarity and vision, reflecting the reality of an environment, as it exists right now.
2. Learn. Applies intelligence to data to improve understanding and decision-making.
3. Adapt. Static approaches limit the ability to tailor protection. Agile Security allows automatic evolution and modification of defenses in response to change.
4. Act. Agile Security provides decisive, flexible and automated responses to events.
I had a chance to meet with Marc Solomon, SVP of marketing and product management for Sourcefire to discuss this new Agile approach to security.
Listen in as Marc and I discuss Agile security, today's security challenges and Sourcefire's continuing commitment to open source.
Enjoy!
Security Exe with Ward Holloway, VP of Biz Dev, Firemon
August 16, 2011 12:50 PM PDT
I am happy to be joined today by the new VP of business development at Firemon, Ward Holloway. Ward is a veteran of the security industry having served many years at Crossbeam Systems working with their many partners. Prior to Crossbeam, Ward was with Checkpoint as well.
Ward just joined Firemon and he talks to us about why he joined, what gets him excited by the company. I have been doing some consulting for Firemon so am of course very excited to have Ward on board.
Enjoy!
The Open Network: Couchbase Scores 14million In Red Hot Big Data Space
August 11, 2011 01:09 PM PDT
Couchbase, the company formed through the merger of Membase and CouchOne (developers of the open source CouchDB), announced that they have raised 14m in new venture capital. This was their C round and was led by new investor Ignition Partners, as well as being joined by their existing VCs.
A very impressive raise for the NoSQL, Big Data solution used by companies such as Zynga (which is also an investor), AOL and others.
I had a chance to sit down with Bob Wiederhold, CEO of Couchbase to discuss the new capital, their commitment to the open source and general state of the NoSQL and Big Data market.
Enjoy!
CloudBees - Open Source PaaS Java testing Platform
July 13, 2011 10:20 AM PDT
The CloudBees platform is the first Platform as a Service that lets companies build, test and deploy Java web applications in the cloud. With CloudBees, software teams can move their development and production activities instantly to the cloud, without restrictions or infrastructure costs.
I had a chance to sit and chat with Sacha Labourey, the CEO and founder of CloudBees about the company, as well as the cloud market and opportunity.
It is only a short 13 minute interview that I think you will enjoy!
Firemon's Jody Brazil
June 30, 2011 06:27 AM PDT
I have known Jody Brazil at Firemon for a long time. Recently I have been doing some consulting for the company. Jody is always a pleasure to speak with. We could probably go on all day if we were allowed.
In this episode Jody tells us about what is new at Firemon including the forthcoming risk analyzer product. We also talk about the state of security and a few other things.
Enjoy!
GlobalSign, BioWrap and Securing Data with Digital Certificates
May 27, 2011 05:31 AM PDT
On this episode of Security.Exe I had a chance to talk with Lila Kee, VP of Biz Dev and Chief Product Officer at GlobalSign. GlobalSign is owned by CloudGMO, a large internet and technology company located in Asia. GlobalSign is their digital certificate division.
Lila tells us about the company and specifically their BioWrap technology that brings real management and control over access to data.
The company recently launched a new initiative in the healthcare sector.
Listen in as Lila tells us all about it.
Enjoy!
ProofPoint Brings FISMA Certification to Microsoft Cloud Hosting
May 25, 2011 11:25 AM PDT
There has certainly been a big to-do over FISMA certification and cloud hosting. Google and Microsoft have traded barbs, insults and lawsuits over who really has the goods when it comes to being FISMA certified. ProofPoint, a partner of Microsoft's in the cloud based email business, has now been FISMA certified along with Microsoft regarding an FDA deployment.
But ProofPoint is more than FISMA; they are a player in the email security and archiving business. I had a chance to sit down with Andrés Kohn and discuss what ProofPoint is all about.
Listen in as Andrés tells us about ProofPoint.
Enjoy!
Akamai - More Than A Content Distribution Network, They Are A Security Company
May 10, 2011 10:11 AM PDT
I am happy to be joined this week by Andy Ellis and Michael Smith of Akamai. As I wrote about, Akamai is supporting the Security Bloggers Network and promoting their latest research that shows 3 attack trends that threaten your site. Also prior to that Andy and Michael had another great webinar on DDOS attacks.
While most people think of Akamai as a content delivery network company, they are also on the cutting edge of security. Because up to 25% of the content on the Internet goes through their network, they have had to develop their own security solutions that work at that scale and with the problems they face.
Listen in as Andy and Michael tell us about Akamai - the security company!
Cloud Ecosystems and Open Source
May 09, 2011 09:31 AM PDT
I am joined on today's show by three companies working together to bring a great cloud offering to market. Cloud.com offers an open source cloud platform called Cloud Stack. Logicworks, a premier hosting provider, has spun up their Infinicloud service based on Cloud.com's Cloud Stack. Alert Logic is a premier SaaS security provider that protects Logicworks customers in both their traditional hosting business and the cloud offering.
From Cloud.com, their CMO Peder Ulander is here, from Alert Logic, co-founder and VP of emerging products, Misha Govshteyn and from Logicworks, Director of engineering, Jason McKay.
Listen in to find out that to offer a premier cloud solution today you need premier partners.
Is This Town Big Enough For Two WAFs?
March 15, 2011 09:09 PM PDT
About a month ago at the RSA conference we went from having little in the way of open source solutions for web application firewalls to two of them. We previously looked at IronBee the open source WAF project from Qualys and Ivan Ristic. Today we speak with George Hess, CEO of Art of Defence, developers of the open source WAF project.
George says that the big advantage for the open WAF project is that their WAF is a distributed model. The IronBee folks have focused on a different element of WAF. Art of Defence has a history of web application security development. It follows a channel/embedded model and thinks the open source WAF will have a similar path. Listen in as Mr. Hess explains this and more.
Enjoy!
Kitware Helps The Eye in the Sky to See
March 01, 2011 12:48 PM PST
Awash in digital images, the US DoD and other government agencies are turning to a surprising source to identify threats. Open source software is powering a lot of the DoD efforts.
The company helping the government is called Kitware. I spoke to Dr. Anthony Hoobs, their director of computer vision.
Fascinating use of open source!
What the WAF? - IronBee, an open source WAF
February 28, 2011 11:58 AM PST
Ever since the PCI Council made web application firewalls a part of the DSS there has been a huge hole in the open source security line up for an open source WAF. Now Ivan Ristic of Qualys and the developer of ModSecurity is leading the way with IronBee.
Taking the lessons learned from Mod, Ivan and team are creating a truly open source WAF.
Though still early in the development cycle and not set to be released until sometime around Q3 of this year, IronBee has the look of a winner. With Qualys behind it, it should have the resources it needs to go the distance.
Listen in as Ivan describes his vision for IronBee.
CloudLog
February 14, 2011 07:25 AM PST
Open source and open standards are the lingua franca of the Cloud. However, the very nature of the cloud has created challenges to securing and auditing cloud environments. So why shouldn't there be open standards and open source in securing the cloud? CloudLog is a new open standard proposed to the IETF by a number of companies including Alert Logic.
I sit down with Alert Logic co-founder, Misha Govshteyn to discuss this new open standard. How does it play with cloud audit, open stack and other cloud technologies?
Secure Cloud Review - Logs and Clouds, Oh my!
February 09, 2011 10:02 AM PST
In this episode of the Secure Cloud Review podcast we have a great panel of cloud security experts. From LogLogic, Dimitri McKay, from Imperva, Noa bar Joseph and last but certainly not least, our own Misha Govshteyn.
The panel discusses the challenges both real and imagined that the cloud poses on the issue of logs management. We also take a look at what the future may hold on this issue.
It is a great discussion and worth your time.
It's 10pm, Do You Know Where Your Certificates Are?
February 08, 2011 07:27 AM PST
Certificate proliferation has become a real problem at many enterprises. How many certificates they have, who has access and to what as a result is something that could be keeping you up at night. Many enterprises have hundreds if not thousands of certificates floating around.
On top of this Stuxnet has brought certificate theft into the equation. What can be done to rein in this certificate chaos? Venafi has the answer. They have just released version 6 of their Encryption Director flagship.
I had a chance to sit down with Jeff Hudson, the CEO of Venafi to discuss the state of the digital certificate space and how Venafi is helping. Enjoy!
CouchOne and Membase Merge Into NoSQL Powerhouse
February 07, 2011 08:59 PM PST
Two of the leading NoSQL open source database companies merged today to create an open source powerhouse. Membase which powers such companies as Zynga has merged with CouchOne, makers of the widely used and distributed CouchDB.
I speak with James Phillips of Membase and Damien Katz of CouchOne about their new company, Couchbase!
Mike Rothman of Securosis on the Dell-Secureworks deal
January 11, 2011 09:23 AM PST
Having a conversation with my friend Mike Rothman is always a lot of fun. Mike has been a guest on my podcast numerous times over the last 5 years or so.
Kicking off 2011 Mike and I discuss the Secureworks acquisition by Dell in some detail. We also talk about how security events may or may not harm branding. Finally RSA is only a month away and all that entails including the Social Security Bloggers Awards of which Mike is a finalist.
Black Duck Software Acquires Olliance Group
January 10, 2011 06:28 AM PST
The big duck in the open source pond completes its 4th acquisition and 3rd in three months. The Olliance Group specializes in advising and consulting with companies in open source strategies. It helps round out Black Duck's holistic, full featured open source management portfolio.
I speak with Black Duck VP of business development, Phil Odence about the particulars of this acquisition and what is in the future for Black Duck.
Standing Cloud - A Cloud Age Host For Your Open Source Apps
January 05, 2011 06:17 PM PST
My guest this week is Dave Jilk, CEO of Standing Cloud. Standing Cloud is a cloud based host that allows you to instantly stand up in the cloud (hence the name) over 70 different open source applications and counting!
Listen in as Dave tells what is new since the last time we checked in with Standing Cloud back when they were just in beta.
Standing Cloud recently took in another round of venture money as it sets its mark to lead a new age of web host in a cloudy world.
Enjoy!
Open Source CMS - a look ahead
December 20, 2010 11:18 AM PST
I had a chance to sit down with some of the thought leaders in open source CMS. Shaun Walker, CTO and co-founder of DotNetNuke, Todd Barr of Alfresco and Kathleen Reidy of the 451 Group. We discuss the state of the CMS market and why there are so many good open source choices.
The podcast runs a little long at 30 minutes but is well worth the listen.
Is Open Source less Secure, are SMBs forced to use Open Source?
November 29, 2010 09:08 AM PST
I had a chance to sit down with Rafal Los, security evangelist at HP. Raf has recently written a blog post saying that many health care open source programs had serious security issues, but that SMBs were using them anyway.
Are open source programs less secure than others? Do SMBs have a choice? What can we do to make security more important to them? Raf and I discuss all of these things and more.
Membase leads the NoSQL movement
November 22, 2010 09:02 AM PST
After nearly 30 years of ruling the roost, relational databases are finding that they have to share the database market with non-relational databases. These NoSQL databases are predominantly open source. In this episode of the open network I speak with James Phillips, co-founder and SVP of products of Membase, one of the leading NoSQL database products.
Membase is the database behind such household tech names as Farmville, Mafia Wars and AOL's ad server network.
Listen to James tell us what is going on in this dynamic market.
Black Duck Becoming the Big Bird in the Open Source Pond
November 17, 2010 10:03 AM PST
My guest today is Phil Odence, VP of business development at Black Duck software. Black Duck recently announced the latest in a string of acquisitions that the company has made. They acquired SpikeSource, a well known open source company that was led until recently by Kim Polese. Of course Polese is best known for her work starting Java and then Marimba.
But SpikeSource is only the latest acquisition by Black Duck which has moved from helping people track open source usage and licenses to becoming in their own words "the leading global provider of products and services for accelerating application development through the managed use of open source software".
So listen to my fellow Queens/Long Island native Phil Odence tell us what is going on with Black Duck and what we may see in the future.
The Open Network - Dynamic Perception, Open Source for Movies and Video
October 29, 2010 07:42 AM PDT
My guest this week on The Open Network is Chris Church, founder and partner in Dynamic Perception. Chris and his company are bringing open source hardware and software to the motion capture film, photography and video world. Chris is the driving force behind Open MoCo the open source project and community. Dynamic Perception is the commercial entity bringing much of the Open MoCo platforms to market.
Open Network for Network World
October 14, 2010 12:45 PM PDT
Today's guest is Matt Jonkman of Emerging Threats Pro. He talks about the open source IDS scene, Snort, Sourcefire, Suricata and more. If you are into open source security and IDS/IPS, this is a great one to listen to!
CoreTrace blends blacklisting with its leading whitelisting technology
October 12, 2010 06:31 AM PDT
Toney Jennings, CEO of CoreTrace Technologies is an old friend of mine from the NAC Wars. Toney was CEO of Mirage during its heyday. Since then Toney has been leading the call for whitelisting as a better way of protecting the network than blacklisting.
With the newest release of CoreTrace Bouncer, Toney and company have now combined blacklisting technology with their best-of-breed whitelisting features. But make no mistake, blacklisting is the tail of the dog here. The big dog at CoreTrace is still whitelisting.
I had a chance to sit down with Toney and CoreTrace VP of Marketing JT Keating to discuss. Enjoy!
Logs, Clouds and Open Source, Oh My!
October 08, 2010 06:49 AM PDT
Why can't I have logs with my Amazon Cloud? So asked Misha Govshteyn, CTO of Alert Logic on Secure Cloud Review in response to an article on logs and clouds by Andreas M. Antonopolous in Network World. Why can't Misha have logs with his Amazon? I have assembled an all star cast of log experts to discuss this issue.
The answer may be that you will soon, and it may be open standards, open API and open source that will make it possible.
So listen in as Andreas M Antonopolous, SVP and co-founder of Nemertes Research, Misha Govshteyn, CTO and co-founder of Alert Logic, Raffael Marty, co-founder of Loggly, a Log as a Service provider and Dr. Anton Chuvakin, Security Warrior join me to discuss logs in a cloudy world.
Enjoy!
MindTouch releases Technical Communications Suite
September 29, 2010 08:57 AM PDT
MindTouch CEO Aaron Fulkerson talks about the latest tools from the minds at MindTouch. Their Technical Communications Suite makes it easy to publish, use and manage web based technical documentation and content.
Security Consolidation
September 28, 2010 08:49 AM PDT
A while back I wrote a blog article about all of the recent M&A activity in security. I speculated that we might be seeing the end of the stand alone security company. This prompted a flurry of Twitter activity. So I invited Martin J. Fisher of the Southern Fried Security Podcast and Michael Monticiello from IBM on to the show to share their views and talk about what is driving all of these dollars being spent on security companies. We have about a half hour conversation which I think you will enjoy.
Mirror, Mirror on Wall Which is the best Open Source DB of Them All?
September 20, 2010 09:43 AM PDT
I am joined today on the Open Network Podcast for Network World by two guests. First is Robin Schumacher, director of product strategy for EnterpriseDB and Selena Decklemann, PostgreSQL major contributor.
We discuss a range of topics including the major new release of PostgreSQL and some of its exciting new features. The future of an Oracle owned MySQL, Java One and the state of open source databases.
Gary Fish of FishNet Security
September 14, 2010 07:55 AM PDT
I am joined by an old friend Gary Fish of FishNet Security. Fishnet just completed a survey on what is keeping security people and business executives up at night in terms of threats. Some of the answers are obvious and some are not. Listen in to hear what Gary has to say.
Steve Lesem of Mezeo on Cloud APIs
September 01, 2010 09:46 AM PDT
Mezeo CEO Steve Lesem joins me to discuss open source cloud APIs.
Will the Cloud Kill the SIEM Star?
August 30, 2010 10:30 AM PDT
In this episode of the Security.Exe podcast we examine an opinion recently voiced on the Secure Cloud Review site that the spread of Cloud Computing will have a negative impact on the SIEM Market. I am joined on this episode by Misha Govshteyn, CTO of Alert Logic who wrote the post on SecureCloudReview.com and Andrew Hay, senior analyst at the 451 Group.
Andrew, Misha and I spend some time talking about how the dominance of cloud computing will change the security sector, what jobs in security will be hot in the cloud and why you should care about all of this.
So join us for about 40 minutes of great discussion on clouds and security.
The Open IDS Wars - You Are There
July 30, 2010 09:50 AM PDT
Mitchell and I play Uncle Walter Cronkite giving you a "You Are There" view of the Genesis of the current Open IDS Wars.
Larry Augustin, SugarCRM
July 16, 2010 02:05 PM PDT
Security.Exe Powered by The CISO Group w/ Marc Maiffret
July 13, 2010 01:00 PM PDT
Marc Maiffret has rejoined eEye Digital Security as CTO. He sits down with me to discuss why, the state of security and what we can expect to see.
Security.exe with Alan Shimel with guest Caleb Sima
May 28, 2010 12:08 PM PDT
My guest for this episode is Caleb Sima, CEO of Armorize and founder of SPI Dynamics. Caleb tells us what he has been up to and why he was so excited with Armorize that he took the CEO position there.
Enjoy!
Security.Exe, episode 2 -eEye and CybeRoam talk Security 2010
February 04, 2010 12:30 PM PST
Here is the 2nd episode of the security.exe podcast. Unfortunately Mitchell Ashley is unable to join me. Mitchell’s wife has been battling breast cancer for almost 5 years and her condition has taken a turn for the worse. We wish Mitchell and his family strength and prayers at this trying time.
I do have two great guests on this episode though. Morey Haber of eEye and Alex Quinonez from CyberRoam join me to discuss what is on the security horizon for 2010. I think you will find it an insightful conversation!
We talk about Aurora, iPad, Cloud Security and a bunch of other topics that we see as being relevant to the discussion around security 2010.
I hope Mitchell will be able to join us again soon. Until then we will have some special guest hosts and other special guests on the podcasts.
Enjoy!
Security.Exe powered by The CISO Group with Alan Shimel and Mitchell Ashley
January 26, 2010 11:23 AM PST
Well we are at it again! Mitchell and I debut our old/new podcast under the Security.Exe name. Of course it is powered by The CISO Group our new company. But it is the same old Mitchell and Alan. Besides talking a bit about The CISO Group (not enough in my opinion), Mitchell and I spend a bit of time going down an Alice in Wonderland rabbit hole. We talk about Google/China, APT, why we are not secure in general, what consumers want in security and a bunch of other things. I was about to break out some beers, as the two of us wax on (or is it wax off) poetically about things.
Anyway, now that we have that out of the way, Mitchell and I will be podcasting quite a bit. We hope to be joined by our fellow CISO Group partners, Parker, Josh and Bobby in future episodes. Of course we will have special guests as well. So stay tuned as we crank this baby up!
The Alan & Mitchell Podcast - Who is that masked man?
December 02, 2009 12:41 PM PST
Hi-Yo Silver, Away! The Lone Ranger rides again. Well in this case the only thing silver may be his hair. But at least he has his hair, which is more than I can say. Mitchell and I are happy to be joined this week by our old friend and once again chief Security Inciter, Mike Rothman. It is always a pleasure to have Mike on and he is never at a shortage of things to say.
Mike, Mitchell and I discuss post-vendor puke life for all three of us. What’s next for us? Well you will have to listen to the show to know. Of course a podcast with the three of us would not be complete without ragging on some security issues. So we discuss the recent lawsuit against the POS provider for capturing and storing mag data from credit cards. Did IBM overpay for Guardium? Is the new “black screen of death” a hoax or has someone gamed Microsoft’s patch process? Finally, what drives so many powerful, successful men to think they can get away with anything and do stupid things ala “Cheetah” Woods?
Anyway, always good to have Mike on the show and we will have him on again soon!
The Alan and Mitchell Show back at it again!
November 11, 2009 09:03 PM PST
Well it has been too long. I am happy to welcome Mitchell Ashley back as the co-host of the podcast. It sort of felt like Martin and Lewis getting together (or for some of you younger folks, Cheech and Chong). Anyway I am happy to have Mitchell back doing the show with me. We work well together. In tonight's episode we talk about a few topics:
1. Is the CISO role really best suited to a consulting gig
That brings us to the naming contest. A free T-shirt and appearance as a guest to the person who suggests the new name for the podcast. You can leave a comment or email me at ashimmy (at) hotmail dot com
Hope you like the show and we will try to do them much more regularly now!
Is the cloud ready for prime time and is it secure enough?
August 19, 2009 04:48 AM PDT
This is episode one of a multi-part series on cloud services and their security. I am joined by Roger Barranco and Jeff Slap of Host.net, a cloud provider and StillSecure partner. Roger, Jeff and I talk about host.net's cloud offerings and how they are securing them. It is one company's take on fulfilling the demand for this hot technology. In future episodes we will have some guests from other providers to share their plans and opinions on how best to offer a secure cloud service.
Episode 65 - Jody Brazil of Secure Passage on SSAATY
February 27, 2009 09:53 PM PST
Mitchell and I are joined tonight by Jody Brazil, CTO of Secure Passage, makers of Firemon firewall management software.
Episode 64
February 12, 2009 09:04 PM PST
It's just Mitchell and I talking tonight. We talk about StillSecure's acquisition of ProtectPoint. We talk about Windows 7 and what it means. We also talk about a bunch of other stuff including NAC, the economy, what Mitchell is up to, etc.
The usual SSAATY stuff, enjoy!
StillSecure, After all these years, episode 62 - Mike Rothman
November 29, 2008 10:12 AM PST
Mitchell and I are joined by our friend Mike Rothman for this show taped on Thanksgiving Eve. Mike has "taken off the objectivity suit" and is now a vendor puke for eIQ Networks. Mike talks about his reasons for taking the job, what eIQ is about and what about the analyst gig.
We also discuss with Mike some of the latest news in security. As always, Mitchell and I have a great time with Mike and the time goes by too quickly. I am sure you will enjoy what Mike has to say as well.
Mitchell and I had two shows taped, so rather than wait I released them both. We have another one ready to go in the next week or so as well, so stay tuned.
Thanks to Pod0matic for hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!
Enjoy the podcast!
Episode 59 - Mike Murray
October 16, 2008 05:55 PM PDT
Mike Murray joins Mitchell and I for a good look at the state of security, security expertise and our economy.
Episode 58 - Bill Brenner
September 29, 2008 12:15 AM PDT
Mitchell and I are joined this week by Bill Brenner. Bill is the senior editor at CSO Online. We have been trying to get him on as a guest since he was with searchsecurity.com!
The interview with Bill does not come on until around 17 minutes in. Mitchell and I first talk about a mess of things including Apple, Green NAC (but not Green Apples), M&A in security, etc.
It's good to be doing these podcasts regularly again. Hope you enjoy it!
If you have any questions, write to us at email@example.com
StillSecure, After All These Years #57 - Tom Noonan Interview
September 16, 2008 07:15 PM PDT
In episode #57 Alan and Mitchell interview industry luminary Tom Noonan, co-founder and former CEO of Internet Security Systems (ISS). Following IBM's acquisition and integration of ISS, Tom recently retired from IBM and is on the advisory board of Network-Based Entitlement Control (NBEC) company Rohati (http://www.rohati.com). Tom's efforts at ISS truly helped shape the security industry by creating early automated vulnerability and intrusion detection products, the X-Force security research team, and ushered in the era of UTMs (Unified Threat Management). We spend some time understanding both how the security industry has changed and how the lessons from building ISS into an industry powerhouse apply to today's security market.
SS #56 - Michael Montecillo of EMA
September 07, 2008 09:58 PM PDT
Michael Montecillo, a security practitioner who now works for analyst firm Enterprise Management Associates (EMA) covering the security industry, joins us to talk everything from the undue influence and power of analysts on the market, to promoting Michael in a Brazilian Jujitsu match. How much do vendors influence analysts? Are analysts really independent when vendors hire them as consultants? Can vendors influence the amount and kind of coverage they get? Some analysts have taken to the practice of making predictions, like Gartner’s death of IDS, or Microsoft catering by 2011. We also turn the SSAATY Spotlight on Symantec who’s cannibalizing sales from their channel and the impact to Microsoft’s partners for the new hosted Microsoft Online Services. We record tonight’s podcast in the studios of Medioh thanks to our friend and faithful podcast engineer Scott Converse. Scott also gives an update on Medioh and the new video guide capabilities.
StillSecure, After all these years, #55 - JJ in the house
June 29, 2008 09:09 PM PDT
Episode 55 of SSAATY is a fun one. Mitchell and I are joined by JJ, Jennifer Jabbusch of Security Uncorked blog. JJ is someone I have gotten to know over the last year or so and she is a lot of fun. On top of that she is very technical and a huge supporter of 802.1x, NAC and security in general.
JJ, Mitchell and I talk about Rohati, NAC, 802.1x and a bunch of other stuff in our usual rambling, stream of consciousness style. It is about 40 minutes of informative good times.
If you like the content of these shows or have any other comments or questions, please drop us a line at firstname.lastname@example.org
Thanks to pod-o-matic for hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!
StillSecure, After all these years, #53 - SSAATY meets the Network Security Podcast
February 13, 2008 06:28 PM PST
Someone put chocolate in our peanut butter! Mitchell and I are lucky to be joined today by the dynamic duo of the Network Security Podcast, none other than Martin McKeay and Rich Mogull! In this Flintstones meet the Jetsons episode, the four of us discuss a couple of topics. Among them are:
1. What right to privacy do you have to information you post online? Can employers use your "personal" web postings against you? As social networking proliferates can we keep a handle on what is known about us online?
2. HP claims they employ 9 of the top 11 security hackers. What about Microsoft? Who are we kidding here?
3. A special message for security bloggers, podcasters and media types attending RSA. If you don't know what we are talking about, be sure to contact us at email@example.com.
If you like the content of these shows or have any other comments or questions, please drop us a line at firstname.lastname@example.org
Thanks to ClickCaster for hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!
StillSecure, After all these years, Podcast #37 - Paul Congdon, CTO of HP ProCurve
April 20, 2007 05:29 AM PDT
Mitchell and I have a special guest, Paul Congdon, CTO of HP ProCurve. Paul drives a lot of ProCurve's vision, especially around security. Paul and ProCurve recently announced some new products in network security. Paul is a very interesting and nice guy and I think the interview is very interesting!
In this week's Converging Minute, Mitchell discusses a new SMB convergence box from Cisco. In This Week in Security, we discuss the recent Misfire by Sourcefire and the DNS vulnerability in Microsoft DNS servers.
If you like the content of these shows or have any other comments or questions, please drop us a line at email@example.com
Thanks to ClickCaster for hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!
StillSecure, After all these years, Podcast #34
March 26, 2007 05:07 PM PDT
Mitchell and I are back after a week's hiatus. Mitchell is in the middle of a road show, but we carved out a quick half hour to discuss some security. No special guest, just Mitchell and Alan talking security. In this week's Converging Minute, Mitchell discusses "software appliances". In this week in security, we discuss:
1. Some of the controversy around the "fighting 59 list" and security blogging elitism
2. NAC, is the bloom off the rose?
3. High performance teams
4. Symantec - are they still relevant in the AV market?
Hope you enjoy the show and be sure to catch next week's show, where Mitchell and I will make a major announcement about some of the work Mitchell and team have been working on.
If you like the content of these shows or have any other comments or questions, please drop us a line at firstname.lastname@example.org
Thanks to ClickCaster for hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!
StillSecure, After all these years, Podcast #33 Alan, Martin and Mitchell
March 07, 2007 07:48 AM PST
No, it is not a remake of an old 60's folk song (Abraham, Martin and John), but the newest member of the StillSecure blogging/podcasting corps, Martin McKeay, joins Mitchell and I for a look at what's happening in security. It is a bit long, but we cover some good topics. In this week's Converging Network, Mitchell talks about open source business models and licenses and how they are changing. In This Week in Security, the three of us talk about:
1. Open Source licenses
2. Symantec banging on Vista
3. Randal Schwartz's party for "nothing"
4. Sourcefire IPO
If you like the content of these shows or have any other comments or questions, please drop us a line at email@example.com. Thanks to ClickCaster for hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!
StillSecure, After all these years, episode #31
February 20, 2007 09:10 AM PST
Mitchell and I are over our RSA hangovers and back to it. Episode 31 does not have any special guest appearances. It's just Mitchell and I talking security. In the Converging Minute, Mitchell talks about Unified Network Platforms. In This Week in Security we talk about industry consolidation, John Thompson and Symantec's future, another Patch Tuesday from Microsoft and a few other things. Have a listen and enjoy! If you like the content of these shows or have any other comments or questions, please drop us a line at firstname.lastname@example.org. Thanks to ClickCaster for hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!
StillSecure, After all these years, Podcast #30 - A Pragmatic CSO, part 2
January 31, 2007 05:06 PM PST
Please join Mike Rothman, Mitchell and I for part 2 of our in-depth look at the Pragmatic CSO. In this concluding interview, we discuss steps 7 through 12, as well as Mike's plans for expanding the Pragmatic CSO program. If you have not done so already, please listen to part 1 first. Both of these podcasts are of high audio quality and great content. Steps 7 through 12 discussed in this podcast are:
Step 7: Operate/Monitor
Step 8: Contain the Problem
Step 9: Train the Users
Step 10: Assure Your Defenses
Step 11: Benchmark Your Progress
Step 12: Comply without Going Nuts
If you like the content of these shows or have any other comments or questions, please drop us a line at email@example.com. Thanks to ClickCaster for hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley! Next week look for daily updates from Mitchell and I from RSA. Enjoy!
StillSecure, After all these years, Podcast #29 - A Pragmatic CSO, part 1
January 27, 2007 01:31 AM PST
His name is Mike and he is a security-holic. Running from fire to fire, his life is just not fun. Bringing order to this chaos and a method to the madness is the Pragmatic CSO, a 12 step program to being a Security Master. Mike Rothman is trying to show us a better way. His book on the subject is garnering lots of attention, as well it should. Join Mitchell and I as Mike gives us one of the first in-depth interviews into the real "Pragmatic CSO". We really dig into the 12 steps and find out what the Pragmatic CSO program really is. In part 1 of this special edition we cover the first 2 sections of the book including:
Step 1: Assess the Value of Your Business Systems
Step 2: Baseline Your Environment
Step 3: Manage Expectations
Step 4: Build Your Security Business Plan
Step 5: Sell the Story
Step 6: Procure the Solution
If you are curious what the Pragmatic CSO is really all about, you should not miss this discussion. We hope you enjoy the show and please send any questions, comments or suggestions to us at firstname.lastname@example.org. Thanks to ClickCaster for hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!
StillSecure, After all these years, Podcast #27 - Panel on the future of VM
January 11, 2007 01:54 PM PST
Happy New Year and welcome to episode 27 of StillSecure, after all these years. This first show of the new year is a great one with a cast for the ages. Mitchell and I put together a panel of some of the leading vendors and names in the vulnerability management space discussing the present state and future of vulnerability management and assessment. The panel is made up of:
Ron Gula - CTO and CEO of Tenable Network Security
Ross Brown - CEO of eEye Digital Security
Tim Keanini - CTO of nCircle
Mike Rothman - author and analyst from Security Incite and the Pragmatic CSO
and Mitchell Ashley - CTO of StillSecure
We discuss topics including configuration management, security auditing, scanning, patching, agentless versus agent-based vulnerability assessment, etc. It is a great show with some really smart people in the VM space. Hope you enjoy it! We hope you enjoy the show and please send any questions, comments or suggestions to us at email@example.com. Thanks to ClickCaster for hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!
StillSecure, After all these years, Podcast #23
December 05, 2006 04:01 AM PST
Episode 23 of the podcast is here. This episode features part 1 of our interview with Amrit Williams, CTO of Big Fix and former Gartner Analyst. In this part 1 of the interview, Amrit talks about his life and career. We also spend a lot of time talking about the analyst game and relationships between vendors, analysts and customers. Part 2 of Amrit's interview will be in episode 24. In "The Converging Minute" Mitchell talks about how open source is a factor in network convergence. "This Week in Security" discusses:
The Dawn of Vista
The US-CERT advisory on cyberterrorism
The recent brouhaha over analysts moving to vendors
We hope you enjoy the show and please send any questions, comments or suggestions to us at firstname.lastname@example.org. Thanks to ClickCaster for hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!
StillSecure, After all these years, Podcast #22
November 27, 2006 12:18 PM PST
StillSecure, After all these years, episode #22 is here. This week's interview is very good. Mr. Amith Krishnan, Senior Security Product Manager from Microsoft, is our guest. Amith works in the NAP group. For all of you who have questions about NAC, NAP, TCG/TNC, Vista, etc., there are lots of answers here. Be sure to listen! In this week's Converging Minute, Mitchell talks about COTS hardware making custom network appliances obsolete. For "This Week in Security", Mitchell and I talk about:
The new SANS Top 20
Symantec releases a beta of Norton Internet Security 2007 with Vista support
Checkpoint buys PointSec
We hope you enjoy the show and please send any questions, comments or suggestions to us at email@example.com. Thanks to ClickCaster for hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com. Music transitions between segments are by our own Mitchell Ashley!
StillSecure, After all these years, Podcast #20
November 09, 2006 05:20 AM PST
Tonight's guest is Andrew Braunberg, Senior Analyst of Current Analysis. Andrew's groundbreaking research on trends in the NAC market is quickly becoming the authority on all things NAC. We discuss NAC with Andrew, lots of good stuff covered. In "This Week in Security", Mitchell and I discuss:
The Microsoft-Novell deal: what is really behind all of that up-front money being paid
Private company financial results: who are they meant to impress?
The sorry state of some security tradeshows that Mitchell and I have visited lately
We hope you enjoy the show and please send any questions, comments or suggestions to us at firstname.lastname@example.org. Thanks to ClickCaster for hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.jonschmidt.com
StillSecure, After all these years, Podcast #18
October 17, 2006 08:07 PM PDT
Episode 18 is a special one. Mitchell and I were both in Boulder at the same time along with our special guest Mike Rothman of Security Incite. We all went down to the ClickCaster studio and did this episode in person. None other than Scott Converse, ClickCaster CEO, served as our sound engineer, so it should be better than our usual quality. A great way to do a podcast and we hope you enjoy it! Tonight's episode is one big This Week in Security. Mitchell, Mike and I speak about:
1. McAfee and Symantec's recent announcements regarding the future direction of their products
2. Zero day attacks and Less than Zero attacks
3. Mike's recent experience with Network World
4. Mitchell's real life experience with ID theft
Hope you enjoy the show and please send any questions, comments or suggestions to us at email@example.com. As usual, an extra special thanks to ClickCaster for all of their help as well as hosting our podcast. Tonight's music is the usual, To the Summit by Jon Schmidt. You can hear more from Jon at http://www.johschmidt.com
Alan Shimel talks security, IT and life