Tuesday, May 15, 2012

IT's malignant narcissism and what you can do to rise above the noise

IT department optimism does not translate into IT department budget. That's what Jonathan Feldman wrote about in this Information Week piece. Their study provides lots of interesting insight into how many working in IT see things compared to, well, the rest of the business. I'm not surprised.

While we're on the subject, I've recorded a video on IT's role in fixing this problem and wrote a new piece for TechTarget's SearchWinIT.com site on why understanding management gets your IT department what it needs.

If you're going to move ahead - heck, even just survive - in IT, it's critical to understand how the desire for gain or the fear of loss is at the basis of every "sale" you make. Stop thinking of yourself as an IT person and, instead, think of yourself as a business professional who's helping the business move forward and accomplish its goals by leveraging IT.

Friday, May 11, 2012

Web application security assessment war stories

I spend a lot of time performing Web security assessments and every project is a neat learning experience for me. I'm always eager to share my Web security war stories, what to do and what NOT to do, so here are some new pieces you may be interested in. From exploiting Web vulnerabilities to IT geek speak and a bunch of stuff in between, I hope there's something here for you:

The Value of Web Exploitation

Web Application Firewalls and the False Sense of Security They can Create

Not All Web Vulnerabilities Are What They Appear to Be

The One Web Security Testing Oversight You Don’t Want to Miss

IT Geek Speak and What Management Really Needs to Hear


Enjoy!

As always, check out principlelogic.com/resources for links to all of my information security whitepapers, podcasts, webcasts, books and more.

Thursday, May 10, 2012

New video: The things my most secure clients have in common


Quote on reasoning with the unreasonable and why character is critical

Be it executives with their heads in the sand over security or know-it-all propeller heads who can't see the big picture of business risk, I've found that you just can't reason with the unreasonable. Here's something that Robert Schuller said that underscores the issue and helps us understand why being the bigger person is most important:

"People are unreasonable, illogical and self-centered. Love them anyway. If you do good, people will accuse you of selfish ulterior motives. Do good anyway. If you are successful, you will win false friends and true enemies. Succeed anyway. Honesty and frankness make you vulnerable. Be honest and frank anyway."

Speaking of principles and character, I read a recent article by Larry Reed in the Atlanta Business Chronicle titled Character: Nothing is more important. This one piece sums up what I believe it truly takes to be successful in IT and information security. I especially like the part where Mr. Reed says "Integrity is more important than all the degrees you’ve earned, all the management courses you could possibly take, and all the knowledge that you could absorb on any subject." I couldn't agree more.


Focus on these things and you'll see that there's a vast conspiracy out there to make you successful.

Thursday, May 3, 2012

Video: The (partial) solution to information security denial


The funny thing about iPhones & airplane toilets

My Delta co-passengers and I recently had the opportunity to experience a near 1-hour flight delay due to, none other than, some dude dropping his iPhone into the aft toilet on our fancy Boeing 757. I'm not making this up...

Yep, there we were sitting at the gate and this guy comes up to the flight attendants to ask for some help getting his iPhone out of the crapper. Yuck! The captain got involved, and then maintenance, and then all the ensuing paperwork.

This incident reminded me of when the authorities shut down an interstate when some dude is threatening to jump from a bridge above. Imagine the economic impact. Few think about that... But thanks to the ever so brave maintenance man, the passenger ended up getting his "$900" iPhone back. He said he had insurance on it and needed it to be able to get a new one. Reasonable argument I suppose... if you're a hazmat kinda guy.

I feel for the poor sap at AT&T who takes it back not knowing where it's been.

I bring this up because it's a scenario that could very well play out in your enterprise. I'm not so sure that anything could be recovered from a phone after being immersed in a toilet...but you never know, especially if the phone has a Micro SD card for external storage (i.e. BlackBerry & Android-based devices).

Will your employees know what to do in this type of situation? Will it matter if the device is personally-owned versus business-owned? You need to develop a stance on this and integrate it into your mobile security policy. Oh, and let everyone know about it. Will you need to enact any sort of incident response procedures or data breach notification? (I can hear it now: "Sorry Mr. or Mrs. Customer, we've had a craptacular situation involving your data that you need to know about...")

It was a funny situation. Crappy jokes aside, this is certainly something to think about for your own business.

Wednesday, April 25, 2012

My webcast on software source code analysis

Here's a recent webcast I put together with the folks at Checkmarx (makers of a dandy source code analyzer) that you may be interested in:

The business value of partial code scanning

Enjoy!

Monday, April 23, 2012

How are you spending your time?

Not long ago I had a conversation with a colleague of mine who's also a consultant. We were discussing the topic of how, even with today's shaky economy, people still goof off on the job as if they had nothing to lose.

Are you seeing this too?

I wrote about this phenomenon over three years ago. Funny how not much changes internally given all the external forces pressing down on us.

Not being willing to do whatever it takes to become - and remain - a valuable asset to your business is a sure-fire way to get axed when big decisions are being made. Trust me, I learned this lesson the hard way working for a previous employer before I went out on my own.

I recommend continually asking yourself: What's the most valuable use of my time? I often find the answer to be something else other than what I'm currently doing. We all struggle with this. We're only human. It's the people who learn and overcome that move to the head of the pack.

In case you're interested, check out the additional articles I've written on time management and IT careers and even a couple of audiobooks that can help you boost your current career situation.
