The Guerilla CISO
 
Showing 1-10 of 149 records
 

Barcode Hacking

2010-01-13 10:37:30 by rybolov in The Guerilla CISO
 
A little presentation I did for NoVA Hackers. Basic intent was to be more workshop than something more formal and to give everybody the tools to do their own experimentation at home. I even inspired Jack to write a blog post. Caveat: this has nothing to do with FISMA or Government InfoSec. Barcodes. View more presentations from Michael Smith...
 
 
 
 
 

BSOFH: Memo for My Project Team

2010-01-07 21:42:19 by rybolov in The Guerilla CISO
 
...Security Waiver. Please don't ask the security staff directly about waivers. They'll only send you on a huge journey to circumnavigate a huge amount of paperwork. Remote Access. Yep, we have it. But look, you guys are database and applications geeks, leave the drawings to me because you keep drawing the Internet users inside of our network...
 
 
 
 
 

IKANHAZFIZMA Finds Caution Tape

2010-01-07 21:42:19 by rybolov in The Guerilla CISO
Ah yes, the BSOFH is deep down inside every security manager doing all the things that we wish we could. And so today we present a BSOFH in lolcat form. For more BSOFH, check out posts here on guerilla-ciso and on layer8.
 
 
 
 
 

Old Saint NIST: Ho Ho Hold on, what's this?

2009-12-13 21:32:52 by DanPhilpott in The Guerilla CISO
 
...information security practice. Now is such a time. A slew of new NIST documents are being released between now and April. These are the core NIST documents that describe how to satisfy FISMA. They include NIST SPs 800-30 Revision 1, 800-39, 800-37 Revision 1 and 800-53A Revision 1. That's where you come in. The documents define what federal...
 
 
 
 
 

Building A Modern Security Policy For Social Media and Government

2009-12-13 14:34:03 by rybolov in The Guerilla CISO
 
A small presentation Dan Philpott and I put together for Potomac Forum about getting sane social media policy out of your security staff. I also recommend reading something I put out a couple of months ago about Social Media Threats and Web 2.0. Building A Modern Security Policy For Social Media and Government. View more presentations from...
 
 
 
 
 

LOLCATS, Eric Schmidt, and Privacy

2009-12-10 07:35:59 by rybolov in The Guerilla CISO
So now that His Esteemed Highness Eric Schmidt has declared privacy dead, our IKANHAZFIZMA team of LOLCATS wants to know if they can resume their usual collection of cellular traffic. References: Gawker: Google CEO: Secrets Are for Filthy People; Schneier Blog: My Reaction to Eric Schmidt; Download Squad: Only naughty people should be afraid of...
 
 
 
 
 

Assumptions and Dependencies

2009-12-08 10:38:06 by rybolov in The Guerilla CISO
...security products. Assumption, Minnesota photo by afiler. Now for why you need to understand this list: it's because if you're not operating under the exact same set of assumptions as the catalog of controls, you have to adjust the catalog of controls to fit what it is you're trying to accomplish. And this, dear readers, is my theory on why...
 
 
 
 
 

More on the Rybolov Information Security Management Model

2009-12-01 02:42:48 by rybolov in The Guerilla CISO
...Information Security Management Model. And some peculiarities of the model that I've noticed: Regulation, Compliance, and Governance flows from the top to the bottom. Technical solutions flow from the bottom to the top. The Enterprise (Layer 4) gets the squeeze. But you CISOs out there knew that already, right? It makes much sense in the typical...
 
 
 
 
 

DojoCon 2009 Presentation

2009-11-07 13:41:49 by rybolov in The Guerilla CISO
 
The video of my dojocon presentation. The microphone was off for the first couple of minutes but I look pretty animated. And then the compliance panel that I tried not to dominate. And finally, my slides are up on slideshare. Dojo Con 09. View more presentations from Michael Smith.
 
 
 
 
 

AppSec DC Press and Themes

2009-11-02 08:43:11 by rybolov in The Guerilla CISO
 
...security conferences for the past 5 years or so (oh noes, teh Internetz are broken. Again). However, AppSecDC has another set of themes that are mostly unique to OWASP and AppSecDC in particular. The OWASP Approach to Security: it's not process/product, it's education and outreach. Thanks to Doug Wilson for this idea. Basically with host and...
 
 
 
 
 
 