Not too long ago I embarked on creating a podcast series that would provide more regularity than the blog. Beyond the Perimeter has been a tremendous amount of fun, and as we have just posted our 50th podcast I wanted to reflect on some of the highlights and the wonderful guests we have been honored to have join us.
Beyond the Perimeter iTunes subscription
Beyond the Perimeter Direct XML Feed
Episode 50 – Information Security and the Application Stack–Part 1
Amrit Williams, BigFix CTO, talks to Brad Arkin, Adobe Systems director of security and privacy, about Adobe’s programs to improve the security properties of its widely used software products, both during development and after release to the field.
Episode 49 – Do We Need to Regulate Software Development?
Amrit Williams, BigFix CTO, continues his conversation with Adam Shostack, bandleader of the Emergent Chaos blog, about the tradeoffs of emphasizing security versus user experience in software development. Amrit asks why security isn’t built into software from the start instead of being treated as an add-on.
Episode 48 – Overcoming the IT Security Crisis
Amrit Williams, BigFix CTO, begins a three-part conversation with Adam Shostack, bandleader of the Emergent Chaos blog site and author, most recently, of “The New School of Information Security,” co-written with Andrew Stewart.
Episode 47 – The IT Security Industry Winter
Amrit Williams, BigFix CTO, talks with Peter Kuper, former analyst at Morgan Stanley and SG Cowen and now associated with the IANS organization, on the impact of the recession on the security industry.
Episode 46 – Coping With the Malware Explosion
Amrit Williams, BigFix CTO, continues his conversation with Al Huger, founder of Immunet, focusing on how the explosion in the number and variety of malware has overwhelmed conventional anti-virus technologies and how Immunet is developing community-based solutions to the malware problem.
Episode 45 – Clouds, Communities and New Models for Anti-Virus
Amrit Williams, BigFix CTO, talks with Al Huger, serial security start-up entrepreneur, about Huger’s latest venture, Immunet. Huger believes that the rapid mutation of malware has outstripped the ability of signature-based anti-virus products to cope with it.
Episode 44 – Can IT Security, Operations, and Senior Management Speak the Same Language?
In this third conversation between BigFix CTO Amrit Williams and Cambridge Infosec Associates principal Nick Selby, Selby says that IT security, operations and general management suffer greatly from poor communication with one another.
Episode 43 – The Oil and Water Relationship of Compliance and Security
BigFix CTO Amrit Williams continues his conversation with Cambridge Infosec Associates principal Nick Selby, turning to Selby’s view that too many organizations confuse IT compliance with security.
Episode 42 – The Education of an IT Risk Management Consultant
BigFix CTO Amrit Williams and Nick Selby, co-founder of Cambridge Infosec Associates, talk about Nick’s new security risk management consulting company.
Episode 41 – Security B-Sides: Party With a Purpose
BigFix CTO Amrit Williams gets the lowdown on the Security B-Sides events from Jack Daniel, self-described Security Curmudgeon. Security B-Sides has grown rapidly as a forum for papers and presentations that did not make it onto the official program at the Black Hat and Defcon conferences due to time and logistics limitations. Visit www.securitybsides.com
Episode 40 – Taking Care of the Fundamentals
BigFix CTO Amrit Williams meets up with IT Security Curmudgeon Jack Daniel to talk about practical approaches to IT security for small and medium businesses (SMB). For more on Jack Daniel, visit http://blog.uncommonsensesecurity.com/
Episode 39 – Compliance: Security Floor or Ceiling?
BigFix CTO Amrit Williams speaks with Ryan Russell.
Episode 38 – Black Hat, Defcon, Hackers for Charity and More
BigFix CTO Amrit Williams speaks with Ryan Russell, who reports on this year’s Black Hat and Defcon conferences, with special emphasis on Johnny Long’s Hackers for Charity talks at the shows. Johnny has moved his family to Uganda and in the last several weeks has set up computer classrooms in the country and attracted the support of the Uganda Ministry of Energy. For more on Hackers for Charity, visit http://johnny.ihackstuff.com/ and, while you’re there, why not make a contribution to the BigFix Hackers for Charity Matching Fund?
Episode 37 – Securing Web Applications: Improving the Application Development Life Cycle
BigFix CTO Amrit Williams and White Hat Security CTO Jeremiah Grossman conclude their discussion on web application security by looking at ways organizations can build in security features and resistance to attack over the life cycles of in-house developed web applications.
Episode 36 – Securing Web Applications: Instituting Operational Controls
BigFix CTO Amrit Williams and White Hat Security CTO Jeremiah Grossman continue their discussion on web application security by looking at what kinds of operational controls organizations can institute to enable more effective management and protection of web applications over their life cycles.
Episode 35 – Securing Web Applications: Surveying the Threat Landscape
Amrit Williams, BigFix CTO begins a three-part discussion with Jeremiah Grossman, CTO of White Hat Security on web application security.
Episode 34 – Cybersecurity, Cyberdefense and Cyberwarfare: Part III
Part III of the conversation between Amrit Williams, Michael Smith and Dan Philpott moves on to private sector adoption of government-developed IT security standards and policies, a field guide to the current NIST FISMA documents, and which private organizations (mostly government contractors) must comply with government security standards.
Episode 33 – Cybersecurity, Cyberdefense and Cyberwarfare: Part II
Part II of the discussion between Amrit Williams, Michael Smith and Dan Philpott focuses on recent policy developments in the US: in particular, legislation currently before the US Congress to modify or replace the Federal Information Security Management Act; whether the establishment of a US Military Cyber Command is a military necessity or a maneuver to attract funding; and whether the intense effort to legislate and regulate is an attempt to compensate for a shortage of human cybersecurity expertise.
Episode 32 – Cybersecurity, Cyberdefense and Cyberwarfare: Part I
Amrit Williams begins a three-part discussion with Michael Smith, self-described Guerilla CISO, and Dan Philpott, instigator of the www.fismapedia.org wiki site, on the latest thinking in the rapidly developing fields of cyberdefense and cyberwarfare. Planners, policy makers and practitioners face multi-faceted dilemmas in this field.
Episode 31 – PCI: Tastes Great or Less Filling?
Amrit Williams, CTO of BigFix, Inc., talks to long-time secure payments consultant Michael Dahn about whether the current Payment Card Industry (PCI) standards, by their prescriptive nature, lead organizations to focus on standards compliance at the expense of more effective security measures.
Episode 30 – Patch Management: Still a Hamster Wheel of Pain After All These Years
Amrit Williams, CTO of BigFix, Inc. and Rich Mogull, Founder and Chief Analyst of Securosis discuss Project Quant, a Microsoft-sponsored research effort to better understand the software patch and update process from both the software vendor and software licensee points of view. Rich and Amrit invite listeners to participate in the survey posted on www.securosis.com
Episode 29 – Embrace Change to Cut the Cost and Complexity of IT Security
Amrit Williams, CTO of BigFix, Inc., and Joshua Corman, Security Strategist at IBM Internet Security Systems (ISS), contend that the only way to fight the escalating cost and complexity of IT security is to embrace change and leave outmoded practices and technologies behind. Ironically, even as agile security professionals make changes, they discover that many compliance regimes and other “best practices” force them to dedicate scarce resources to yesterday’s threats.
Episode 28 – Security and Systems Management Convergence Part II: The Resolution
Amrit Williams, CTO of BigFix, Inc., and Scott Crawford, Managing Research Director of Enterprise Management Associates (EMA), continue their conversation on the relationship between IT service management and IT incident response management.
Episode 27 – Security and Systems Management Convergence Part I: The Balancing Act
Amrit Williams, CTO of BigFix, Inc., and Scott Crawford, Managing Research Director of Enterprise Management Associates (EMA), begin a two-part discussion on security and systems management convergence by looking at what keeps the two disciplines siloed from each other, even though both sides recognize the benefits of seamless collaboration.
Episode 26 – Situational Awareness Inside and Beyond the Perimeter
Amrit Williams, CTO of BigFix, Inc. speaks with Mike Rothman, founder of Security Incite and Senior Vice President of eIQ Networks on the need to secure information wherever it resides or travels, and a pendulum shift away from log management back to situational awareness.
Episode 25 – The Security Implications of Virtualization
Amrit Williams, CTO of BigFix, Inc., and Aaron Bawcom, VP of Engineering at Reflex Systems, discuss Bawcom’s new book “Virtualization for Security.” Bawcom believes that virtualization represents the most profound technology shift since the introduction of the IP protocol and will have a double impact on enterprise information security. Listeners can find out more about Bawcom’s book at http://tinyurl.com/pd3ryj
Episode 24 – 20th Century Databases Need 21st Century Security
Amrit Williams, CTO of BigFix, Inc., and Ron Bennatan, CTO of Guardium, note that as security attacks increasingly emphasize theft of financially valuable data, databases end up in hackers’ cross hairs. Since many databases can trace their lineages back 20 years or more, this often presents the technical and cultural conundrum of how to protect 20th century assets against 21st century attacks. This podcast also mentions Bennatan’s new book “How to Secure and Audit Oracle 10g and 11g,” with more information on this work at http://tinyurl.com/pgzbvj
Episode 23 – Johnny Long: Hacker for Charity
Amrit Williams, CTO of BigFix, Inc., speaks with Johnny Long, founder of Hackers for Charity, about Long’s journey from the pinnacle of conventional IT industry career success to his decision to redirect his expertise to helping charitable organizations leverage computer technology to fight poverty and bring new opportunities to some of the poorest communities on earth. Amrit and Johnny invite listeners to learn more at www.hackersforcharity.org
Episode 22 -Technical Publishing for Fun, Fame, and Modest Profit
Amrit Williams, CTO of BigFix, Inc., and co-worker Ryan Russell, IT Director at BigFix, review the latest edition of “Stealing the Network: The Complete Series Collector’s Edition,” co-authored by Ryan, Johnny Long and Timothy Mullen. More information on this book and others in the “Stealing the Network” series is available at http://tinyurl.com/ryscz2
Episode 21 – Cyber Warfare/Cyber Defense: Part II
Amrit Williams, CTO of BigFix, Inc., and Charles Dodd, CTO of NICOR, continue their discussion of cyber defense by reviewing the role of NICOR and similar organizations in helping government agencies understand and coordinate their cyber defense programs, and how private organizations can better understand their part in national cyber defense efforts, both by securing their own assets and by contributing to socially beneficial efforts across the economy.
Episode 20 – Cyber Warfare/Cyber Defense: Part I
Amrit Williams, CTO of BigFix, Inc., and Charles Dodd, CTO of NICOR, discuss the rapid evolution of state- and terrorist-sponsored cyber warfare from a hypothetical threat to a current reality.
Episode 19 – The State of Cybercrime in 2009
Amrit Williams, CTO of BigFix, Inc., and Dr. Peter Tippett, Vice President of Innovation and Technology at Verizon Business Services, review findings from Verizon’s 2009 Data Breach Investigations Report.
Episode 18 – Green Computing is Everyone’s Business
Amrit Williams, CTO of BigFix, Inc., and Forrester Research, Inc. analyst Doug Washburn talk about the surprisingly slow uptake of green computing technologies in enterprise infrastructures.
Episode 17 – Crossing the IT and Physical Facilities Management Chasm
Amrit Williams, CTO of BigFix, Inc., and Sean Goings, Business Development Manager of TAC Americas, a physical facilities engineering firm, discuss overcoming the barriers to cooperation between physical facilities and information technology professionals.
Episode 16 – Waking Up to Web Application Security Risks
Amrit Williams, CTO of BigFix, Inc., and Rich Mogull, Founder and Principal Analyst of Securosis (www.securosis.com), discuss Securosis’ recent research on managing the security risks that web applications pose to enterprise IT.
Episode 15 – Security Attacks Make News: What’s the Story?
Amrit Williams, CTO of BigFix, Inc., and Patrick Peterson, Cisco Fellow and Chief Security Researcher at Cisco, talk about recent, widely publicized security breaches and the response to them from the public, government and security researchers. How can society make decisions in an information environment characterized by secrecy and special interest agendas?
Episode 14 – Getting Serious About IT Security Risk Management
Amrit Williams, CTO of BigFix, Inc., and Alex Hutton of Verizon Business Systems Cybertrust discuss what it takes to practice a truly sophisticated approach to IT security risk management.
Episode 13 – Risk, Trust, Security and the Cloud
Amrit Williams and RSA VP of Product Management and Strategy Sam Curry discuss how the IT community is coming to terms with an inexorable migration of computing services to the cloud.
Episode 12 – Of Firewalls and VPNs: Two Examples of IT Security Business Enablement
Amrit Williams, CTO of BigFix, Inc., and Sam Curry, VP of Product Management and Strategy at RSA, The Security Division of EMC, review the current debate on whether IT security is about keeping bad things from happening, or as a means to enable business value generation.
Episode 11 – The Conficker Worm: Fighting Back
Amrit Williams, CTO of BigFix, Inc., and Rick Wesson, CEO of Support Intelligence (www.support-intelligence.com), discuss industry efforts to combat the Conficker worm that go beyond passive anti-malware actions to encompass measures to disrupt the worm and its perpetrators.
Note: This podcast has been reposted in transcript form due to technical difficulties in the original MP3 file. Click Here for the Transcript
Episode 10 – Industry Response to the Conficker Worm
Amrit Williams, CTO of BigFix, Inc., and Jose Nazario, Manager of Security Research at Arbor Networks, discuss the industry response to the Conficker worm, highlighting the work of the industry-wide Conficker Working Group (www.confickerworkinggroup.org).
Note: This podcast has been reposted in transcript form due to technical difficulties in the original MP3 file. Click Here for the Transcript
Amrit Williams and Dave Watson, Chief Technology Officer of Mede, discuss the impact of healthcare industry regulations, including the Health Insurance Portability and Accountability Act (HIPAA), the Fair Credit Reporting Act (FCRA) and the Payment Card Industry (PCI) standards, on IT security and systems management programs in the healthcare industry.
Episode 8 – Defending Data, Enabling Availability: The View from Securosis
Amrit Williams and Adrian Lane, Security Strategist at IT security consultancy Securosis (www.securosis.com), discuss the implications of taking a data protection-focused approach to IT security. In particular, the rise of technologies such as virtualization, software as a service (SaaS), cloud computing, mobile computing and the Internet itself means that data is moving around like never before, rendering physical asset-focused approaches to security increasingly obsolete.
Episode 7 – Security, System Management, and Healthcare: In Conversation with Mark Starry
Amrit Williams and Concord Hospital (Concord, NH) Director of Security Architecture Mark Starry discuss how initiatives such as HIPAA, electronic medical records, privacy, and doctors’ clinical needs influence security and systems management programs in a healthcare delivery organization.
Special Edition 1 – BigFix and IBM: The New Dynamics of Endpoint Security
Amrit Williams and IBM’s Scott Johnson discuss the market trends that influenced development of the new IBM Proventia ESC product.
Episode 5 – PCI and Compliance Initiatives
Amrit Williams and guest David Mortman, CISO in Residence at Echelon One, discuss PCI and compliance initiatives.
Episode 4 – The Human Factor in Enterprise IT Security
Amrit Williams and guest Michael Santarcangelo discuss Santarcangelo’s new book, Into the Breach, on the human factors influencing enterprise IT security. Podcast listeners can receive a 25% discount on Into the Breach by using the promo code “bigfix” at checkout.
Episode 3 – The Hathaway Appointment
Amrit Williams and Paul Roberts, senior analyst at the 451 Group, discuss US government security policies, in particular whether hiring a Cyber Security Czar will bring improved coherence to US government information security policy.
Episode 2 – Cybersecurity and the Obama Administration
Amrit Williams and guest Andy Purdy discuss the state of US government IT security policies and initiatives at the dawn of the Obama administration.
Episode 1 – The Kaspersky Break-In
Amrit Williams and Paul Roberts, senior analyst at the 451 Group, discuss the implications of a cyber security break-in at Kaspersky Lab, a well-known anti-malware vendor.