Have you worked on an environmentally friendly IT project or carbon-offsetting scheme in the last 12 months? Do you sell an energy-efficient IT security technology? If you answered yes to either of these questions, then you may want to nominate your company or product for the third annual Green IT Awards.

The Green IT Awards give UK companies and public sector bodies the opportunity to highlight and be rewarded for their work in improving the IT industry’s environmental performance.

Nominations are free, and there are 22 categories to choose from. If you are a finalist, you may want to attend the awards ceremony, which will take place at The London Zoo in Regent’s Park.

For more information on the awards and to see how you can get involved please visit: www.greenitawards.com. Before you nominate, make sure you read the judging criteria.

Good luck to all this year’s entrants from the Countdown team!

By Rose Ross (@Rose_at_0)

As 2012 dawns, we have had the pleasure of getting an audience with renowned infosecurity blogger, Brian Honan. Keep an eye out for his blog SecurityWatch www.bhconsulting.ie/securitywatch if you aren’t already a fan.

Q.  Tell us a bit about yourself:

I am an independent information security consultant based out of Dublin Ireland.  When not providing services to my clients I enjoy writing articles for various magazines, blogging to my own site and now to Infosecurity Magazine Blogs, editing the SANS NewsBites and writing the occasional books are one way that I can articulate some of my ideas and reach a wider audience.  I believe that a key element in our battle against criminals is sharing knowledge and information.  I don’t pretend to know all the answers but if some of what I write makes people think differently, discuss an issue in more detail or look at an issue in a different way, then it is worth the time and effort put into the piece.  I have also published and contributed to numerous whitepapers on information security and also speak regularly at various conferences and seminars.  I also founded and run Ireland’s Computer Emergency Response Team, IRISSCERT www.iriss.ie.

Q. Tell us a little bit about the blogs you write for and their interest in data security.

My own blog, SecurityWatch www.bhconsulting.ie/securitywatch, is where I do a lot of my posting.  Although, of late my rate of posting has dropped off.  Likewise I used to regularly blog to the Infosecurity Magazine blog http://www.infosecurity-magazine.com/blog/ but have not done so in a while.  One of my resolutions this year is to address this deficit and update both blogs more regularly.   SecurityWatch is my own company’s blog so I use it to make people aware of some of the work we do, new industry initiatives, upcoming security events and also post some of my musings on information security.  Infosecurity Magazine is one of the industry’s leading publications on information security and I tend to post more strategic or information security management issues.

Q. What’s hot in IT security this year?

I always worry when people focus on what is hot in IT security.  My concern is that if we look at what is hot we tend to overlook the basics which in turn can lead to system compromises.  However, providing organisations continue to take a risk based approach and address the basic disciplines in information security then the areas I see being hot this year are the consumerisation of IT, cloud computing, hacktivism and security awareness.  Consumerisation of IT covers not just allowing employees to use their smartphones, tablets or personal PCs to work on but also personal services such as personal email accounts, file sharing solutions, online collaboration tools and social networks.  Given the ease of use with these devices and services and also how tech savvy many people are today, those responsible for security can no longer simply ignore this issue and need to see how best to integrate into their work place and manage the associated risks.  Cloud computing will continue apace this year and as more and more business people see the benefits that the cloud can bring, IT security needs to grasp this nettle and ensure cloud is embraced into their organisations in a secure manner or they will be simply bypassed by the business.  Remember you do not need to be technical anymore to deploy and use many cloud services.  You simply need a credit card and a mouse.  Anonymous and other groups such as Lulzsec have focused the spotlight in 2011 onto hactivism with many major organisations hitting the headlines as a result, for all the wrong reasons.  However, while hacktivism is nothing new the increasing media exposure to the likes of Anonymous is encouraging many others to come forward and use the Internet as a means to demonstrate their displeasure at the way companies, individuals or governments are behaving.  So I see an increase in these type of attacks this year and already we are seeing an example of this with the tit for tat exchanges that are currently happening between activists in Israel and Saudi Arabia.  In order to help minimise the risk of the above topics and to address the traditional and on-going threats we face I see many organisations looking at how to better educate their users to be more aware of information security risks and how to deal with them.

Q. How many security events do you attend each year?

I try and attend as many as I can, work permitting.  Being based in Ireland means that for many major events I have to travel so I have to be rather choosy on which ones I go to.  I always make sure that each year I get to attend both Infosec Europe and RSA Europe.  I find these are great events to get to meet others in the industry and to keep up to date with what is going on.  Last year I attended and spoke at BsidesLondon and found it to be an excellent event and hope to attend again this year.  I also run the Irish CERT’s Annual Cybercrime conference in November and it is fast becoming one of the top security events in Ireland.  I also look to attend local chapter events for organisations such as ISSA, ISACA and OWASP.  These events are excellent in allowing people to network with their peers in the local area and to discuss issues of common interest.  If you cannot get to attend any of the major events I would strongly recommend people look towards their local ISSA, ISACA and OWASP chapters for their events.

Q. Which one are you most looking forward to?

I look forward to Infosec Europe and RSA Europe a lot as I get to meet friends and peers that I may not see as regularly as I wish.  It is often a chance to meet with new people or to come across a new product idea or interesting speaker.  While it requires a lot of work, the Irish CERT Cybercrime conference is also a favourite as it is an opportunity for us to invite great speakers to address an Irish audience and for those attending to network with each other.

Q. What types of stories or companies are likely to attract your attention this year?

Those that look at addressing the basic issues in IT security and look to engage with the community on dealing with those issues.  This approach though is not attractive to many in marketing as it requires investing time and resources in building up relationships and  can be a long slow burn to achieve any direct results.  But from the organisations I have seen take this approach the dividends gained can be quite large.

Q. What’s the best way to pitch a story to you? Email? Phone? Twitter? By mail?

Email is the best contact, brian.honan(at)bhconsulting(dot)ie or via Twitter @brianhonan.

Q. Who is worth listening to (about IT security) and what’s your favourite blog?

Those that are engaged in the trenches in dealing with IT security issues and tend not to put a marketing or sales spin onto the topic.  A good list of people on Twitter to follow is Tripwire’s Top 25 Influential People to Follow on Twitter http://www.tripwire.com/state-of-security/it-security-data-protection/top-25-influencers-in-security-you-should-be-following/

Q. What is your favourite piece of technology?

The Internet, I know it is composed of many different technologies but when you think about how it has changed our lives, both personal and business, it is amazing.

Q. What do you think is the most important development in IT security to date?

I think one of the most important developments in IT security to date is the information sharing forums or groups that have been set up to help organisations, both private and public, to share information and intelligence on criminal activities and devise strategies on how to address them.  While technology will help us tackle some of these threats, it is humans at the end of the day who are actually posing the threats and it will be humans working for the common good that ultimately can best address those threats.   So the setting up and running of the first CERT, CERT/CC www.cert.org, was a major forwarding initiative and one that is still paying dividends today.

Q. What is the best piece of advice for companies pitching stories?

Avoid the FUD (Fear Uncertainty and Doubt) approach, the sky is not going to fall if someone does not use your product/service.  Yes do highlight the issue but address it in a pragmatic way.  Also don’t brand your solution to solve the latest security buzzword or that your product could have prevented the latest headline security breach.

Q. Are you a social media lover? Which ones are you on? FB? LinkedIn? Twitter?

I love social media as it provides me with the opportunity to keep in touch with friends and peers and access the thoughts of some of the best minds in the industry. While I have a profile on Facebook I am not as active there as I very wary about the way Facebook deals with the privacy of its users.  I am very active on Twitter (@brianhonan) and LinkedIn (http://www.linkedin.com/in/brianhonan).

Via CRN UK’s Caroline Donnelly (@carrotyD) on Twitter, Sara Yirell, CRN UK’s editor (@yirrelli) has written about an alleged politcal scandal involving Transputec’s CEO unearthed by the Mail on Sunday. Read more here:

http://www.channelweb.co.uk/crn-uk/news/2139327/transputec-chief-caught-political-scandal

Well as the bosses at Benetton said there is no such thing as bad publicity. Hope the likes of SonicWall, Checkpoint, Watchguard and VMWare (some of the vendors on the Transputec books) agree.

TechWeekEurope UK, the business IT website, has launched an Events channel, giving a comprehensive run down of events for professionals in the IT sector – including of course Infosec related events.

The Events channel gathers in one place a wealth of information, giving the UK’s tech community a single source for a detailed view of IT happenings. It covers exhibitions, conferences, workshops, seminars and training events for IT, marketing and PR professionals in the UK. All the listings contain full details and contacts, and can be viewed as a list or on a calendar.

“Despite the current economic climate, the UK’s IT sector still has a huge demand for education and information, provided by a thriving events community,” said Peter Judge, Editor of TechWeekEurope UK. “Our new channel aims to give users access to the events and training they need.”

Each event has a dedicated page, with information including a location map, and the aims of the event. The channel is filling rapidly, and has space for readers’ discussion and feedback – allowing users to enter details of their own events and launches.

TechWeekEurope is the new authoritative UK source for news, features and reviews of business technology. Drawing on a pool of UK tech journalists, and in association Ziff Davis Enterprise’s eWEEK.com, its aim is to help readers enhance their business with technology.

The TechWeekEurope Events Channel can be found on: http://www.techweekeurope.co.uk/category/events

I’ve just blogged about the upcoming CloudCamp London on Big Data for www.countdown2storageexpo.com but wanted to shout out one of the lightning talks which will make this event of interest to the Infosecurity world too! Full post here: http://countdown2storageexpo.wordpress.com/2012/01/16/cloudcamp-london-goes-big-data-for-one-night-only/

Chris Swan from UBS will be giving a lightning talk on “Security Information and Event Management – a big data problem. A look at how big data tools are being used for security monitoring”.

I have chatted with and listened to Chris before at Cloudcamps in the past and he’ll no doubt have some Infosec pearls of wisdom on Big Data to share. If Big Data is starting to appear on your Infosec radar it is definitely worth getting yourself down to the Crypt on the evening of 25^th Jan. And as always to round off the evening beer and pizza. A perfect Cloudcamp evening for sure! See you there!

More at http://www.cloudcamp.org/london

By Mike Burkitt, AKA @Mike_at_LPDE

Part of the IP EXPO franchise is moving into the Spanish market on the back of a relationship with EasyFairs and it is billed as “most important end-to-end IT infrastructure event in Spain”

So after the fun of Infosecurity Europe, you’ll be able to top up your sales leads pool (or your tan) with Security12, part of the technology foci alongside virtualization, cloud and IP networks but without it’s UK bedfellows of storage and wireless. The inaugural Spanish IP EXPO will take place on13 – 14 June 2012 at the IFEMA Feria de Madrid.

Yes and with an average temperature, according to GoSpain “The average maximum temperature in Madrid in June is 82°F/28°C and the average minimum temperature is 55°F/13°C.” compare with an average of just 9°C in London in April for Infosecurity Europe attendees.  Security12 will certainly be hotter in one respect than Infosecurity Europe.

A variety of free seminars, conference panel debates, keynote lectures and workshops are organised. Here, industry specialists share their knowledge in short and quick sessions. The visitors are updated with market trends as well as new ideas.

The conference programme is combined with professional seminars and visionary presentations by technical managers and IT specialists. It’s just another one of the visitor-value-adds provided by easyFairs!

To be part of the conversation – “La seguridad es muy caliente” as long as you speak the lingo -(So far the solo tweet is in Spanish at: @IPEXPOES) contact Temis Fernández on: +34 91 636 2709  or via e-mail: temis@omexpo(dot)com

Well infosec PR peeps, Christmas certainly has come early this year. If you need a code to crack or a lock to pick. Who ya gonna call? Steve Mansfield-Devine of course….

Q. Tell us a bit about yourself:
I’ve been a journalist for 30 years, freelance for most of that time. I’ve covered all kinds of subjects, from gaming in Nevada to life in the US Marines. I’m a private pilot and so have written for flying magazines. And I do some work in the defence sector. But overwhelmingly my beat has been technology. I started to specialise in infosecurity a few years ago and became editor of Network Security and Computer Fraud & Security about 18 months ago. This year I became a Certified Ethical Hacker (CEH).

Q. Tell us a little bit about the titles you write for and their interest in data security.

Network Security and Computer Fraud & Security are monthly, subscription-only journals aimed at infosec professionals and institutions. They focus mostly on technical issues, although we do cover infosecurity strategies and policies. We assume a high level of knowledge on the part of our readers and run in-depth features, typically starting at 2,000 words and often running as long as 6,000.

Q. What’s hot in IT security this year?

People can’t seem to stop talking about comsumerisation, which is clearly an issue. And the cloud is making a lot of people very obsessive – to an exaggerated degree, I think. There’s been a lot of talk about ‘hacktivism’ too, of course, but I think that’s also over-hyped. The likes of Anonymous and LulzSec are media-friendly – especially to those parts of the media that don’t understand infosecurity. But from both a technical standpoint and a business impact perspective, it’s fairly trivial stuff. That may change if the volume of hacktivism increases. There’s an associated issue, which isn’t hacktivism per se, but which I think is far more significant, and that’s how people are using communication networks in support of genuine activism, as in the case of the Arab Spring. And there’s the dark side of that, too, with the attempt by various authorities to kill thse networks as an act of oppression. That’s going to be a very interesting area to watch.

Q. How many security events do you attend each year?

I try to get to three or four. Being based in rural France makes it a little difficult sometimes. But InfoSecurity is a must, and RSA is high on my priority list.

Q. Which one are you most looking forward to?

SecurityBsides London. Last year was the first time it was held in London and I found it invaluable. I got to meet a lot of people who actually do security – rather than selling it or talking about it. I got to talk to a number of pen-testers and security professionals who were able to give a very different picture to the glossy products that tend to dominate trade shows.

Q. What types of stories or companies are likely to attract your attention this year?

The mobile market is getting very interesting. When it comes to malware and other exploits, Android is starting to look like the Windows 98 of the 21st Century. With smartphones outselling PCs and the rise of tablets, mobile networking is where the action is going to be from a security perspective. That, of course, is why so many people are focused on consumerisation. But that’s just about Bring Your Own Device issues: mobile is a hot topic that extends well beyond the problems of securing smartphones within the corporate perimeter.

Q. What’s the best way to pitch a story to you? Email? Phone? Twitter? By mail?

Definitely email – smd[at]contrarisk[dot]com. You may be lucky and get my attention via Twitter (@contrarisk), but I can’t guarantee it. Never by phone.

Q. Who is worth listening to (about IT security)?
Pen-testers. They know where the bodies are buried. Strangely, that saying is usually metaphorical…

Q. What is your favourite piece of technology?

My iPhone. Sometimes I even use it as a phone.

Q. What do you think is the most important development in IT security to date?

That’s a very broad question. What strikes me as the most significant issue in security is what hasn’t happened – and that’s to do with our inability to get to grips with the Layer 8 problem. For all our fancy new technology – next-generation firewalls, IPSs, Security as a Service – we still continually fall prey to our inability to adopt secure habits. That affects everyone – from software writers who don’t build security into the development lifecycle, and still produce code vulnerable to buffer overflows or SQL injection, to individuals who re-use weak passwords and fall victim to even the most blatant social engineering tricks. Computers and the Internet are now such an intrinsic part of the fabric of our lives that it’s time we put some real effort into raising awareness.

Q. What is the best piece of advice for companies pitching stories?

Make them technical. I want details, facts, figures, examples and practical information — not opinion. We get offered way too many high-level opinion pieces.

Q. What was the best press trip you’ve ever been on? Worst? Why?

Oh well, that goes way back (as I do). It would have to be the NATO press trip to watch an amphibious assult exercise in the Med. Doing a catapault launch from the USS Eisenhower was definitely a high spot.

Q. Are you a social media lover? Which ones are you on? FB? LinkedIn? Twitter?

I use Twitter, though I can’t say I love it. I’m on LinkedIn, which is genuinely useful. I also use Facebook and definitely hate that.

Q. Tell us something no one knows about you. Do you have any unusual or unexpected hobbies/interests? Do you have a claim to fame?

My phone number was printed in the first edition of the Hacker’s Handbook, back in 1985. That led to some very interesting late-night calls. And my latest hobby, with which I’m currently obsessed, is lock picking…

As the christmas lights start twinkling in shop windows and people’s living rooms, it isn’t all mince pies and tinsel in IT security land. Oh no, there are still plenty of deadlines speeding towards us with great velocity. One to be mindful of, as we cruise into the 2011 holiday season, is the call for papers deadline of Infosecurity Europe. The show itself will take place in late April, but the call for papers closes on December 16th this year.

http://www.computerweekly.com/guides/Social-Media-Awards-2011

And there are a lot of great ones to choose from in a variety of categories:

• Best IT video of the year
• Best new blog of the year
• Best use of social media (individual)
• Best use of social media (not-for-profit sector)
• Best use of social media (private sector)
• Best use of social media (public sector)
• CIO / IT Director of the year
• IT Professional blogger of the year
• IT Industry blogger of the year
• More information

But best of all there is an industry knees up for FREE!

Criteria no doubt apply, but go for it and we’ll see you there

If you would like the chance to attend the event, here are the details:

• ComputerWeekly Social Media Awards 2011
• London, Bridge
• 6pm to 9pm
• Tuesday 29th November
• RSVP: jason.woods@computerweekly.com

SANTA CLARA, CA. – October 24, 2011 – RSA® Conference (www.rsaconference.com) has announced its annual Innovation Sandbox program and has opened a call for submissions for the “Most Innovative Company at RSA Conference 2012.”

Innovation Sandbox is a half-day program at the event that explores the new technologies that promise to transform the information security industry, now and in the future.

Kicking off RSA Conference 2012 on Monday, February 27, Innovation Sandbox will feature demonstrations from information security’s new rising stars; interactive whiteboard sessions facilitated by industry experts; “Start-up Speed Dating” with venture capitalists; and the opportunity to speak with industry-leading research labs to learn what may lay ahead for the information security industry.

Companies are invited to submit an entry for the title of “Most Innovative Company at RSA Conference 2012 via online entry no later than 5 p.m. PT on Friday, December 2. More information, including the nomination form, can be found at: https://365.rsaconference.com/community/connect/innovationsandbox?

view=overview

Criteria to compete in the contest include:

• The product has been in the market for less than one year (launched after February 2011)

• The product has the potential to make a significant impact on the information security space

• The product can be demonstrated live and on-site during Innovation Sandbox

• The company has a management team that has proven success in the delivery of products to market

• The company must be privately held, with less than $5M in revenue in 2011

At the close of the submission period on Friday, December 2:

• Entries will be reviewed and ranked by a panel of judges that will include venture capital

professionals, CISOs, and other industry experts

• The top 10 ranked companies will be notified on Monday, December 19, and invited to demo their

product on Monday, February 27, at RSA Conference’s Innovation Sandbox, as well as present an

abbreviated business plan to the judging panel

• The top 10 finalists will also be recognized on the RSA Conference website with a company and

product profile, and will be promoted in other Conference public relations efforts

Last year’s winner and finalists were:

Loading widget…

Congratulations to Invincea, the 2011 winner!

The top ten finalists for the “Most Innovative Company at RSA® Conference 2011 each had an opportunity to present to a panel of judges as they competed to win.

The finalists in alphabetical order:

• CipherCloud
• ENTERSECT
• Gazzang Inc.
• HyTrust
• Incapsula Inc
• Invincea, Inc.                  
• Pawaa Software
• Quaresso
• Silver Tail Systems
• Symplified

Good luck to all those infosecurity start-ups looking to get to the top of the pile in the Innovation Sandbox.  We look forward to seeing you in the Moscone Center in February 2012.