50th “Beyond The Perimeter” Podcast Highlights


Not too long ago I embarked on creating a podcast series that would provide more regularity than the blog. Beyond the Perimeter has been a tremendous amount of fun, and as we just posted our 50th podcast I wanted to reflect on some of the highlights and the wonderful guests we have been honored to have join us.

Beyond the Perimeter iTunes subscription

Beyond the Perimeter Direct XML Feed

Episode 50 – Information Security and the Application Stack–Part 1

Amrit Williams, BigFix CTO talks to Brad Arkin, Adobe Systems director of security and privacy, about Adobe’s programs to improve security properties of its widely used software products both during development and after release to the field.

Episode 49 – Do We Need to Regulate Software Development?

Amrit Williams, BigFix CTO continues his conversation with Adam Shostack, Emergent Chaos leader of the band, about the tradeoffs of emphasizing security versus user experience in software development. Amrit asks the question why shouldn’t security be built into software instead of being treated as an add-on?

Episode 48 – Overcoming the IT Security Crisis

Amrit Williams, BigFix CTO, begins a three-part conversation with Adam Shostack, bandleader of the Emergent Chaos blog site and author, most recently of “The New School of Information Security,” co-written with Andrew Stewart.

Episode 47 – The IT Security Industry Winter

Amrit Williams, BigFix CTO, talks with Peter Kuper, former analyst at Morgan Stanley and SC Gowen, now associated with the IANS organization, on the impact of the recession on the security industry.

Episode 46 – Coping With the Malware Explosion

Amrit Williams, BigFix CTO, continues his conversation with Al Huger, founder of Immunet, focusing on how the explosion in the types of malware has completely overwhelmed conventional anti-virus technologies and how Immunet is developing community-based solutions to the malware problem.

Episode 45 – Clouds, Communities and New Models for Anti-Virus

Amrit Williams, BigFix CTO, talks with Al Huger, serial security start-up entrepreneur, on Huger’s latest venture, Immunet. Huger believes that the rapid mutation of malware has outstripped the ability of signature-based anti-virus products to cope with it.

Episode 44 – Can IT Security, Operations, and Senior Management Speak the Same Language?

In this third conversation between BigFix CTO Amrit Williams and Cambridge Infosec Associates principal Nick Selby, Selby says that IT security, operations and general management suffer greatly from poor communications.

Episode 43 – The Oil and Water Relationship of Compliance and Security

BigFix CTO Amrit Williams continues his conversation with Cambridge Infosec Associates principal Nick Selby, turning to Selby’s view that too many organizations confuse IT compliance with security.

Episode 42 – The Education of an IT Risk Management Consultant

BigFix CTO Amrit Williams and Nick Selby, co-founder of Cambridge Infosec Associates talk about Nick’s new security risk management consultant company.

Episode 41 – Security B-Sides: Party With a Purpose

BigFix CTO Amrit Williams gets the low down on the Security B-Sides events from Jack Daniel, self-described Security Curmudgeon. Security B-Sides have grown up rapidly as a forum for papers and presentations that did not make it on to the official program at Black Hat and Defcon Conferences due to time and logistics limitations. Visit www.securitybsides.com

Episode 40 – Taking Care of the Fundamentals

BigFix CTO Amrit Williams meets up with IT Security Curmudgeon Jack Daniel to talk about practical approaches to IT security for small and medium businesses (SMB). For more on Jack Daniel, visit http://blog.uncommonsensesecurity.com/

Episode 39 – Compliance: Security Floor or Ceiling?

BigFix CTO Amrit Williams speaks with Ryan Russell, who reports on this year’s Black Hat and Defcon conferences, with special emphasis on Johnny Long’s Hackers for Charities talks at the shows. Johnny has moved his family to Uganda and in the last several weeks has set up computer classrooms in the country and attracted the support of the Uganda Ministry of Energy. For more on Hackers for Charity, visit http://johnny.ihackstuff.com/ and, while you’re there, why not make a contribution to the BigFix Hackers for Charity Matching Fund?

Episode 38 – Black Hat, Defcon, Hackers for Charity and More

BigFix CTO Amrit Williams, speaks with Ryan Russell

Episode 37 – Securing Web Applications: Improving the Application Development Life Cycle

BigFix CTO Amrit Williams and White Hat Security CTO Jeremiah Grossman conclude their discussion on web application security by looking at ways organizations can build in security features and resistance to attack over the life cycles of in-house developed web applications.

Episode 36 – Securing Web Applications: Instituting Operational Controls

BigFix CTO Amrit Williams and White Hat Security CTO Jeremiah Grossman continue their discussion on web application security by looking at what kinds of operational controls organizations can institute to enable more effective management and protection of web applications over their life cycles.

Episode 35 – Securing Web Applications: Surveying the Threat Landscape

Amrit Williams, BigFix CTO begins a three-part discussion with Jeremiah Grossman, CTO of White Hat Security on web application security.

Episode 34 – Cybersecurity, Cyberdefense and Cyberwarfare: Part III

Part III of the conversation with Amrit Williams, Michael Smith and Dan Philpott moves on to look at private sector adoption of government-developed IT security standards and policies, a field guide to current NIST FISMA documents, and which private organizations—mostly government contractors–must comply with government security standards.

Episode 33 – Cybersecurity, Cyberdefense and Cyberwarfare: Part II

Part II of this discussion involving Amrit Williams, Michael Smith and Dan Philpott focuses on recent policy developments in the US, in particular legislation currently in the US Congress to modify or replace the Federal Information Security Management Act with new laws, whether the establishment of a US Military Cyber Command is a military necessity or a maneuver to attract funding, and whether the intense effort to legislate and regulate represents an effort to compensate for a shortage of human cybersecurity expertise.

Episode 32 – Cybersecurity, Cyberdefense and Cyberwarfare: Part I

Begins a three-part discussion with Michael Smith, self-described Guerilla CISO, and Dan Philpott, the instigator of the www.fismapedia.org wiki site, on the latest thinking on the rapidly developing fields of cyberdefense and cyberwarfare. Planners, policy makers and practitioners face multi-faceted dilemmas in this field.

Episode 31 – PCI: Tastes Great or Less Filling?

Amrit Williams, CTO of BigFix, Inc. talks to long time secure payments consultant Michael Dahn about whether the current Payment Card Industry (PCI) standards, by their prescriptive nature, lead to organizations focusing on standards compliance at the expense of more effective security measures.

Episode 30 – Patch Management: Still a Hamster Wheel of Pain After All These Years

Amrit Williams, CTO of BigFix, Inc. and Rich Mogull, Founder and Chief Analyst of Securosis discuss Project Quant, a Microsoft-sponsored research effort to better understand the software patch and update process from both the software vendor and software licensee points of view. Rich and Amrit invite listeners to participate in the survey posted on www.securosis.com

Episode 29 – Embrace Change to Cut the Cost and Complexity of IT Security

Amrit Williams, CTO of BigFix, Inc. and Joshua Corman, Security Strategist at IBM Information Security Solutions (ISS) contend that the only way to fight the escalating cost and complexity of IT security is to embrace change and leave outmoded practices and technologies behind. Ironically, even as agile security professionals make change, they discover that many compliance regimes and other “best practices” force them to dedicate scarce resources to address yesterday’s threats.

Episode 28 – Security and Systems Management Convergence Part II: The Resolution

Amrit Williams, CTO of BigFix, Inc. and Scott Crawford, Managing Research Director of Enterprise Management Associates (EMA), continue their conversation on the relationship between IT service management and IT incident response management.

Episode 27 – Security and Systems Management Convergence Part I: The Balancing Act

Amrit Williams, CTO of BigFix, Inc. and Scott Crawford, Managing Research Director of Enterprise Management Associates (EMA), begin a two part discussion on security and system management convergence by looking at what keeps the two disciplines siloed from each other although both sides recognize the benefits of seamless collaboration.

Episode 26 – Situational Awareness Inside and Beyond the Perimeter

Amrit Williams, CTO of BigFix, Inc. speaks with Mike Rothman, founder of Security Incite and Senior Vice President of eIQ Networks on the need to secure information wherever it resides or travels, and a pendulum shift away from log management back to situational awareness.

Episode 25 – The Security Implications of Virtualization

Amrit Williams, CTO of BigFix, Inc. and Aaron Bawcom, VP of Engineering of Reflex Systems discuss Bawcom’s new book “Virtualization for Security.” Bawcom believes that virtualization represents the most profound technology shift since the introduction of the IP protocol and will have a double impact on enterprise information security. As well as listening to the podcast, audience members can find out more about Bawcom’s book at http://tinyurl.com/pd3ryj

Episode 24 – 20th Century Databases Need 21st Century Security

Amrit Williams, CTO of BigFix, Inc. and Ron Bennatan, CTO of Guardium note that as security attacks increasingly emphasize theft of financially valuable data, this puts databases in hackers’ cross hairs. Since many databases can trace their lineages back 20 years or more, this often presents the technical and cultural conundrum of how to protect 20th century assets against 21st century attacks. This podcast also mentions Bennatan’s new book “How to Secure and Audit Oracle 10g and 11g,” with more information on this work at http://tinyurl.com/pgzbvj

Episode 23 – Johnny Long: Hacker for Charity

Amrit Williams, CTO of BigFix, Inc. speaks with Johnny Long, founder of Hackers for Charity, about Long’s journey from the pinnacle of conventional IT industry career success to his decision to redirect his expertise to helping charitable organizations leverage computer technology to fight poverty and bring new opportunities to some of the poorest communities on earth. Amrit and Johnny invite listeners to learn more at www.hackersforcharity.org

Episode 22 – Technical Publishing for Fun, Fame, and Modest Profit

Amrit Williams, CTO of BigFix, Inc. and co-worker Ryan Russell, IT Director at BigFix review the latest edition of “Stealing the Network: The Complete Series Collector’s Edition,” co-authored by Ryan, Johnny Long and Timothy Mullen. More information on this book and others in the “Stealing the Network” series is available at http://tinyurl.com/ryscz2

Episode 21 – Cyber Warfare/Cyber Defense: Part II

Amrit Williams, CTO of BigFix, Inc. and Charles Dodd, CTO of NICOR continue their discussion of cyber defense by reviewing the role of NICOR and similar organizations in helping various government agencies understand and coordinate their cyber defense programs and how private organizations can better understand their role in national cyber defense efforts and play a positive role in both securing their own assets and contribute to socially beneficial efforts across the economy.

Episode 20 – Cyber Warfare/Cyber Defense: Part I

Amrit Williams, CTO of BigFix, Inc. and Charles Dodd, CTO of NICOR discuss the rapid evolution of state- and terrorist-sponsored cyber-warfare from a hypothetical threat to a current reality.

Episode 19 – The State of Cybercrime in 2009

Amrit Williams, CTO of BigFix, Inc. and Dr. Peter Tippett, Vice President of Innovation and Technology, Verizon Business Services review findings from Verizon’s 2009 Data Breach Investigations Report.

Episode 18 – Green Computing is Everyone’s Business

Amrit Williams, CTO of BigFix, Inc. and Forrester Research, Inc. Analyst Doug Washburn talk about the surprisingly slow uptake of green computing technologies in enterprise infrastructures.

Episode 17 – Crossing the IT and Physical Facilities Management Chasm

Amrit Williams, CTO of BigFix, Inc. and Sean Goings, Business Development Manager of TAC Americas, a physical facilities engineering firm, discuss overcoming the barriers to cooperation between physical facilities and information technology professionals.

Episode 16 – Waking Up to Web Application Security Risks

Amrit Williams, CTO of BigFix, Inc. and Rich Mogull, Founder and Principal Analyst of Securosis (www.securosis.com) discuss Securosis’ recent research on managing security risks posed by web applications to enterprise IT.

Episode 15 – Security Attacks Make News: What’s the Story?

Amrit Williams, CTO of BigFix, Inc. and Patrick Peterson, Cisco Fellow and Chief Security Researcher at Cisco Networks talk about recent widely publicized security breaches and the public, government and security expert research response to them. How can society make decisions in an information environment characterized by secrecy and special interest agendas?

Episode 14 – Getting Serious About IT Security Risk Management

Amrit Williams, CTO of BigFix, Inc, and Alex Hutton of Verizon Business Systems Cybertrust, discuss what it takes to practice a truly sophisticated approach to IT security risk management.

Episode 13 – Risk, Trust, Security and the Cloud

Amrit Williams and RSA VP of Product Management and Strategy Sam Curry discuss how the IT community is coming to terms with an inexorable migration of computing services to the cloud.

Episode 12 – Of Firewalls and VPNs: Two Examples of IT Security Business Enablement

Amrit Williams, CTO of BigFix, Inc., and Sam Curry, VP of Product Management and Strategy at RSA, The Security Division of EMC, review the current debate on whether IT security is about keeping bad things from happening, or as a means to enable business value generation.

Episode 11 – The Conficker Worm: Fighting Back

Amrit Williams, CTO of BigFix, Inc. and Rick Wesson, CEO of Support Intelligence (www.support-intelligence.com), discuss industry efforts to combat the Conficker Worm that go beyond passive anti-malware actions to encompass measures to disrupt the worm and its perpetrators.

Note: This podcast has been reposted in transcript form due to technical difficulties in the original MP3 file. Click Here for the Transcript

Episode 10 – Industry Response to the Conficker Worm

Amrit Williams, CTO of BigFix, Inc. and Jose Nazario, Manager of Security Research at Arbor Networks, discuss industry response to the Conficker worm, highlighting the work of the industry-wide Conficker Working Group (www.confickerworkinggroup.org).

Note: This podcast has been reposted in transcript form due to technical difficulties in the original MP3 file. Click Here for the Transcript

Episode 9 – Systems and Security Management in the Healthcare Industry: A Conversation with Amrit Williams and Dave Watson

Amrit Williams and Dave Watson, Chief Technology Officer of Mede discuss the impact of high-impact healthcare industry regulations including the Health Insurance Portability and Accountability Act (HIPAA), Fair Credit Reporting Act (FCRA) and Payment Card Industry (PCI) on IT security and systems management programs in the healthcare industry.

Episode 8 – Defending Data, Enabling Availability: The View from Securosis

Amrit Williams and Adrian Lane, Security Strategist at IT security consultancy Securosis (www.securosis.com) discuss the implications of taking a data protection-focused approach to IT security. In particular, the rise of technologies such as virtualization, software as a service (SaaS), cloud computing, mobile computing and the Internet itself mean that data is moving around like never before, rendering physical asset-focused approaches to security increasingly obsolete.

Episode 7 – Security, System Management, and Healthcare: In Conversation with Mark Starry

Amrit Williams and Concord Hospital (Concord, NH) Director of Security Architecture Mark Starry discuss how initiatives such as HIPAA, electronic medical records, privacy, and doctor’s clinical needs influence security and system management programs in a healthcare delivery organization.

Special Edition 1 – BigFix and IBM: The New Dynamics of Endpoint Security

Amrit Williams and IBM’s Scott Johnson discuss the market trends that influenced development of the new IBM Proventia ESC product.

Episode 5 – PCI and Compliance Initiatives

Amrit Williams and guest David Mortman, CISO in Residence, Echelon One discuss PCI and Compliance Initiatives.

Episode 4 – The Human Factor in Enterprise IT Security

Amrit Williams and guest Michael Santarcangelo discuss Santarcangelo’s new book, Into the Breach, on human factors influencing enterprise IT security. Podcast listeners can receive a 25% discount on Into the Breach by using the promo code “bigfix” at checkout.

Episode 3 – The Hathaway Appointment

Amrit Williams and Paul Roberts, senior analyst at the 451 Group discuss US government security policies, in particular whether hiring a Cyber Security Czar will bring about improved coherence in US government information security policy.

Episode 2 – Cybersecurity and the Obama Administration

Amrit Williams and guest Andy Purdy discuss the state of US government IT security policies and initiatives at the dawn of the Obama administration.

Episode 1 – The Kaspersky Break-In

Amrit Williams and Paul Roberts, senior analyst at the 451 Group, discuss the implications of a cyber security break-in at Kaspersky Lab, a well-known anti-malware solutions vendor.

