Not too long ago I embarked on creating a podcast series that would provide more regularity than the blog. Beyond the Perimeter has been a tremendous amount of fun, and as we just posted our 50th podcast I wanted to reflect on some of the highlights and the wonderful guests we have been honored to have join us.
Amrit Williams, BigFix CTO, talks to Brad Arkin, Adobe Systems director of security and privacy, about Adobe’s programs to improve security properties of its widely used software products both during development and after release to the field.
Amrit Williams, BigFix CTO, continues his conversation with Adam Shostack, Emergent Chaos leader of the band, about the tradeoffs of emphasizing security versus user experience in software development. Amrit asks: why shouldn’t security be built into software instead of being treated as an add-on?
Amrit Williams, BigFix CTO, begins a three-part conversation with Adam Shostack, bandleader of the Emergent Chaos blog site and author, most recently of “The New School of Information Security,” co-written with Andrew Stewart.
Amrit Williams, BigFix CTO, talks with Peter Kuper, former analyst at Morgan Stanley and SC Gowen, now associated with the IANS organization, on the impact of the recession on the security industry.
Amrit Williams, BigFix CTO, continues his conversation with Al Huger, founder of Immunet, focusing on how the explosion in the types of malware has completely overwhelmed conventional anti-virus technologies and how Immunet is developing community-based solutions to the malware problem.
Amrit Williams, BigFix CTO, talks with Al Huger, serial security start-up entrepreneur, on Huger’s latest venture, Immunet. Huger believes that the rapid mutation of malware has outstripped the ability of signature-based anti-virus products to cope with it.
In this third conversation between BigFix CTO Amrit Williams and Cambridge Infosec Associates principal Nick Selby, Selby says that IT security, operations and general management suffer greatly from poor communications.
BigFix CTO Amrit Williams continues his conversation with Cambridge Infosec Associates principal Nick Selby, turning to Selby’s view that too many organizations confuse IT compliance with security.
BigFix CTO Amrit Williams and Nick Selby, co-founder of Cambridge Infosec Associates, talk about Nick’s new security risk management consultant company.
BigFix CTO Amrit Williams gets the lowdown on the Security B-Sides events from Jack Daniel, self-described Security Curmudgeon. Security B-Sides have grown up rapidly as a forum for papers and presentations that did not make it on to the official program at Black Hat and Defcon Conferences due to time and logistics limitations. Visit www.securitybsides.com
BigFix CTO Amrit Williams meets up with IT Security Curmudgeon Jack Daniel to talk about practical approaches to IT security for small and medium businesses (SMB). For more on Jack Daniel, visit http://blog.uncommonsensesecurity.com/
BigFix CTO Amrit Williams speaks with Ryan Russell, who reports on this year’s Black Hat and Defcon conferences, with special emphasis on Johnny Long’s Hackers for Charities talks at the shows. Johnny has moved his family to Uganda and in the last several weeks has set up computer classrooms in the country and attracted the support of the Uganda Ministry of Energy. For more on Hackers for Charity, visit http://johnny.ihackstuff.com/ and, while you’re there, why not make a contribution to the BigFix Hackers for Charity Matching Fund?
BigFix CTO Amrit Williams speaks with Ryan Russell
BigFix CTO Amrit Williams and White Hat Security CTO Jeremiah Grossman conclude their discussion on web application security by looking at ways organizations can build in security features and resistance to attack over the life cycles of in-house developed web applications.
BigFix CTO Amrit Williams and White Hat Security CTO Jeremiah Grossman continue their discussion on web application security by looking at what kinds of operational controls organizations can institute to enable more effective management and protection of web applications over their life cycles.
Amrit Williams, BigFix CTO begins a three-part discussion with Jeremiah Grossman, CTO of White Hat Security on web application security.
Part III of the conversation with Amrit Williams, Michael Smith and Dan Philpott moves on to look at private sector adoption of government-developed IT security standards and policies, a field guide to current NIST FISMA documents, and which private organizations, mostly government contractors, must comply with government security standards.
Part II of this discussion involving Amrit Williams, Michael Smith and Dan Philpott focuses on recent policy developments in the US, in particular legislation currently in the US Congress to modify or replace the Federal Information Security Management Act with new laws, whether the establishment of a US Military Cyber Command is a military necessity or a maneuver to attract funding, and whether the intense effort to legislate and regulate represents an effort to compensate for a shortage of human cybersecurity expertise.
Amrit Williams begins a three-part discussion with Michael Smith, self-described Guerilla CISO, and Dan Philpott, the instigator of the www.fismapedia.org wiki site, on the latest thinking in the rapidly developing fields of cyberdefense and cyberwarfare. Planners, policy makers and practitioners face multi-faceted dilemmas in this field.
Amrit Williams, CTO of BigFix, Inc. talks to long time secure payments consultant Michael Dahn about whether the current Payment Card Industry (PCI) standards, by their prescriptive nature, lead to organizations focusing on standards compliance at the expense of more effective security measures.
Amrit Williams, CTO of BigFix, Inc. and Rich Mogull, Founder and Chief Analyst of Securosis discuss Project Quant, a Microsoft-sponsored research effort to better understand the software patch and update process from both the software vendor and software licensee points of view. Rich and Amrit invite listeners to participate in the survey posted on www.securosis.com
Amrit Williams, CTO of BigFix, Inc. and Joshua Corman, Security Strategist at IBM Information Security Solutions (ISS) contend that the only way to fight the escalating cost and complexity of IT security is to embrace change and leave outmoded practices and technologies behind. Ironically, even as agile security professionals make change, they discover that many compliance regimes and other “best practices” force them to dedicate scarce resources to address yesterday’s threats.
Amrit Williams, CTO of BigFix, Inc. and Scott Crawford, Managing Research Director of Enterprise Management Associates (EMA), continue their conversation on the relationship between IT service management and IT incident response management.
Amrit Williams, CTO of BigFix, Inc. and Scott Crawford, Managing Research Director of Enterprise Management Associates (EMA), begin a two-part discussion on security and system management convergence by looking at what keeps the two disciplines siloed from each other although both sides recognize the benefits of seamless collaboration.
Amrit Williams, CTO of BigFix, Inc. speaks with Mike Rothman, founder of Security Incite and Senior Vice President of eIQ Networks on the need to secure information wherever it resides or travels, and a pendulum shift away from log management back to situational awareness.
Amrit Williams, CTO of BigFix, Inc. and Aaron Bawcom, VP of Engineering of Reflex Systems discuss Bawcom’s new book “Virtualization for Security.” Bawcom believes that virtualization represents the most profound technology shift since the introduction of the IP protocol and will have a double impact on enterprise information security. As well as listening to the podcast, audience members can find out more about Bawcom’s book at http://tinyurl.com/pd3ryj
Amrit Williams, CTO of BigFix, Inc. and Ron Bennatan, CTO of Guardium note that as security attacks increasingly emphasize theft of financially valuable data, this puts databases in hackers’ cross hairs. Since many databases can trace their lineages back 20 years or more, this often presents the technical and cultural conundrum of how to protect 20th century assets against 21st century attacks. This podcast also mentions Bennatan’s new book “How to Secure and Audit Oracle 10g and 11g,” with more information on this work at http://tinyurl.com/pgzbvj
Amrit Williams, CTO of BigFix, Inc. speaks with Johnny Long, founder of Hackers for Charity, about Long’s journey from the pinnacle of conventional IT industry career success to his decision to redirect his expertise to helping charitable organizations leverage computer technology to fight poverty and bring new opportunities to some of the poorest communities on earth. Amrit and Johnny invite listeners to learn more at www.hackersforcharity.org
Amrit Williams, CTO of BigFix, Inc. and co-worker Ryan Russell, IT Director at BigFix review the latest edition of “Stealing the Network: The Complete Series Collector’s Edition,” co-authored by Ryan, Johnny Long and Timothy Mullen. More information on this book and others in the “Stealing the Network” series is available at http://tinyurl.com/ryscz2
Amrit Williams, CTO of BigFix, Inc. and Charles Dodd, CTO of NICOR continue their discussion of cyber defense by reviewing the role of NICOR and similar organizations in helping various government agencies understand and coordinate their cyber defense programs and how private organizations can better understand their role in national cyber defense efforts and play a positive role in both securing their own assets and contribute to socially beneficial efforts across the economy.
Amrit Williams, CTO of BigFix, Inc. and Charles Dodd, CTO of NICOR discuss the rapid evolution of state- and terrorist-sponsored cyber-warfare from a hypothetical threat to a current reality.
Amrit Williams, CTO of BigFix, Inc. and Dr. Peter Tippett, Vice President of Innovation and Technology, Verizon Business Services review findings from Verizon’s 2009 Data Breach Investigations Report.
Amrit Williams, CTO of BigFix, Inc. and Forrester Research, Inc. Analyst Doug Washburn talk about the surprisingly slow uptake of green computing technologies in enterprise infrastructures.
Amrit Williams, CTO of BigFix, Inc. and Sean Goings, Business Development Manager of TAC Americas, a physical facilities engineering firm, discuss overcoming the barriers to cooperation between physical facilities and information technology professionals.
Amrit Williams, CTO of BigFix, Inc. and Rich Mogull, Founder and Principal Analyst of Securosis (www.securosis.com) discuss Securosis’ recent research on managing security risks posed by web applications to enterprise IT.
Amrit Williams, CTO of BigFix, Inc. and Patrick Peterson, Cisco Fellow and Chief Security Researcher at Cisco Networks talk about recent widely publicized security breaches and the public, government and security expert research response to them. How can society make decisions in an information environment characterized by secrecy and special interest agendas?
Amrit Williams, CTO of BigFix, Inc., and Alex Hutton of Verizon Business Systems Cybertrust, discuss what it takes to practice a truly sophisticated approach to IT security risk management.
Amrit Williams and RSA VP of Product Management and Strategy Sam Curry discuss how the IT community is coming to terms with an inexorable migration of computing services to the cloud.
Amrit Williams, CTO of BigFix, Inc., and Sam Curry, VP of Product Management and Strategy at RSA, The Security Division of EMC, review the current debate on whether IT security is about keeping bad things from happening, or is a means to enable business value generation.
Amrit Williams, CTO of BigFix, Inc. and Rick Wesson, CEO of Support Intelligence (www.support-intelligence.com), discuss industry efforts to combat the Conficker Worm that go beyond passive anti-malware actions to encompass measures to disrupt the worm and its perpetrators.
Note: This podcast has been reposted in transcript form due to technical difficulties in the original MP3 file.
Amrit Williams, CTO of BigFix, Inc. and Jose Nazario, Manager of Security Research at Arbor Networks, discuss industry response to the Conficker worm, highlighting the work of the industry-wide Conficker Working Group (www.confickerworkinggroup.org).
Note: This podcast has been reposted in transcript form due to technical difficulties in the original MP3 file.
Amrit Williams and Dave Watson, Chief Technology Officer of Mede discuss the impact of high-impact healthcare industry regulations including the Health Insurance Portability and Accountability Act (HIPAA), Fair Credit Reporting Act (FCRA) and Payment Card Industry (PCI) on IT security and systems management programs in the healthcare industry.
Amrit Williams and Adrian Lane, Security Strategist at IT security consultancy Securosis (www.securosis.com) discuss the implications of taking a data protection-focused approach to IT security. In particular, the rise of technologies such as virtualization, software as a service (SaaS), cloud computing, mobile computing and the Internet itself mean that data is moving around like never before, rendering physical asset-focused approaches to security increasingly obsolete.
Amrit Williams and Concord Hospital (Concord, NH) Director of Security Architecture Mark Starry discuss how initiatives such as HIPAA, electronic medical records, privacy, and doctor’s clinical needs influence security and system management programs in a healthcare delivery organization.
Amrit Williams and IBM’s Scott Johnson discuss the market trends that influenced development of the new IBM Proventia ESC product.
Amrit Williams and guest David Mortman, CISO in Residence, Echelon One discuss PCI and Compliance Initiatives.
Amrit Williams and guest Michael Santarcangelo discuss Santarcangelo’s new book, Into the Breach, on human factors influencing enterprise IT security. Podcast listeners can receive a 25% discount on Into the Breach by using the promo code “bigfix” at checkout.
Amrit Williams and Paul Roberts, senior analyst at the 451 Group discuss US government security policies, in particular whether hiring a Cyber Security Czar will bring about improved coherence in US government information security policy.
Amrit Williams and guest Andy Purdy discuss the state of US government IT security policies and initiatives at the dawn of the Obama administration.
Amrit Williams and Paul Roberts, senior analyst at the 451 Group, discuss the implications of a cyber security break-in at Kaspersky Lab, a well-known anti-malware solutions vendor.