Archive for the ‘Black Hat’ Category


Black Hat USA opens early registration for annual infosecurity event in Las Vegas

March 12, 2013

By Rosalind Carr, @Rosalind_at_O

Black Hat returns to Las Vegas for its annual infosecurity event. Offering a number of opportunities for the infosec community, the event boasts more than 70 training workshops, such as Advanced Malware Analysis; Attacking, Defending and Building SCADA Systems; and Android Application Hacking, to name a few. Don’t hang about though: these informative sessions fill up quickly. Click here to register under the earlybird offer before May 31st.

Copyright ©Launchpad Europe 2013. All rights reserved. You may copy and distribute this material as long as  you credit the author where possible; the copies are distributed only for non-commercial purposes and at no charge; and you include this copyright notice and link to Countdown2InfosecurityExpo.com, the original source of the work.

If you have any questions, please contact Launchpad Europe, info@launchpad-europe.com.


Up close and personal Q and A with infosecurity Security Watch blogger @BrianHonan, a diamond from the Emerald Isle

January 18, 2012

By Rose Ross (@Rose_at_0)

As 2012 dawns, we have had the pleasure of getting an audience with renowned infosecurity blogger, Brian Honan. Keep an eye out for his blog SecurityWatch www.bhconsulting.ie/securitywatch if you aren’t already a fan.

Q.  Tell us a bit about yourself:

I am an independent information security consultant based out of Dublin, Ireland.  When not providing services to my clients I enjoy writing articles for various magazines, blogging to my own site and now to Infosecurity Magazine Blogs, editing the SANS NewsBites and writing the occasional book; these are one way that I can articulate some of my ideas and reach a wider audience.  I believe that a key element in our battle against criminals is sharing knowledge and information.  I don’t pretend to know all the answers but if some of what I write makes people think differently, discuss an issue in more detail or look at an issue in a different way, then it is worth the time and effort put into the piece.  I have also published and contributed to numerous whitepapers on information security and also speak regularly at various conferences and seminars.  I also founded and run Ireland’s Computer Emergency Response Team, IRISSCERT www.iriss.ie.

Q. Tell us a little bit about the blogs you write for and their interest in data security.

My own blog, SecurityWatch www.bhconsulting.ie/securitywatch, is where I do a lot of my posting.  Although, of late my rate of posting has dropped off.  Likewise I used to regularly blog to the Infosecurity Magazine blog http://www.infosecurity-magazine.com/blog/ but have not done so in a while.  One of my resolutions this year is to address this deficit and update both blogs more regularly.   SecurityWatch is my own company’s blog so I use it to make people aware of some of the work we do, new industry initiatives, upcoming security events and also post some of my musings on information security.  Infosecurity Magazine is one of the industry’s leading publications on information security and I tend to post more strategic or information security management issues.

Q. What’s hot in IT security this year?

I always worry when people focus on what is hot in IT security.  My concern is that if we look at what is hot we tend to overlook the basics which in turn can lead to system compromises.  However, providing organisations continue to take a risk based approach and address the basic disciplines in information security then the areas I see being hot this year are the consumerisation of IT, cloud computing, hacktivism and security awareness.  Consumerisation of IT covers not just allowing employees to use their smartphones, tablets or personal PCs to work on but also personal services such as personal email accounts, file sharing solutions, online collaboration tools and social networks.  Given the ease of use with these devices and services and also how tech savvy many people are today, those responsible for security can no longer simply ignore this issue and need to see how best to integrate into their work place and manage the associated risks.  Cloud computing will continue apace this year and as more and more business people see the benefits that the cloud can bring, IT security needs to grasp this nettle and ensure cloud is embraced into their organisations in a secure manner or they will be simply bypassed by the business.  Remember you do not need to be technical anymore to deploy and use many cloud services.  You simply need a credit card and a mouse.  Anonymous and other groups such as Lulzsec have focused the spotlight in 2011 onto hacktivism with many major organisations hitting the headlines as a result, for all the wrong reasons.  However, while hacktivism is nothing new the increasing media exposure to the likes of Anonymous is encouraging many others to come forward and use the Internet as a means to demonstrate their displeasure at the way companies, individuals or governments are behaving.
So I see an increase in these types of attacks this year and already we are seeing an example of this with the tit for tat exchanges that are currently happening between activists in Israel and Saudi Arabia.  In order to help minimise the risk of the above topics and to address the traditional and on-going threats we face I see many organisations looking at how to better educate their users to be more aware of information security risks and how to deal with them.

Q. How many security events do you attend each year?

I try and attend as many as I can, work permitting.  Being based in Ireland means that for many major events I have to travel so I have to be rather choosy on which ones I go to.  I always make sure that each year I get to attend both Infosec Europe and RSA Europe.  I find these are great events to get to meet others in the industry and to keep up to date with what is going on.  Last year I attended and spoke at BsidesLondon and found it to be an excellent event and hope to attend again this year.  I also run the Irish CERT’s Annual Cybercrime conference in November and it is fast becoming one of the top security events in Ireland.  I also look to attend local chapter events for organisations such as ISSA, ISACA and OWASP.  These events are excellent in allowing people to network with their peers in the local area and to discuss issues of common interest.  If you cannot get to attend any of the major events I would strongly recommend people look towards their local ISSA, ISACA and OWASP chapters for their events.

Q. Which one are you most looking forward to?

I look forward to Infosec Europe and RSA Europe a lot as I get to meet friends and peers that I may not see as regularly as I wish.  It is often a chance to meet with new people or to come across a new product idea or interesting speaker.  While it requires a lot of work, the Irish CERT Cybercrime conference is also a favourite as it is an opportunity for us to invite great speakers to address an Irish audience and for those attending to network with each other.

Q. What types of stories or companies are likely to attract your attention this year?

Those that look at addressing the basic issues in IT security and look to engage with the community on dealing with those issues.  This approach though is not attractive to many in marketing as it requires investing time and resources in building up relationships and  can be a long slow burn to achieve any direct results.  But from the organisations I have seen take this approach the dividends gained can be quite large.

Q. What’s the best way to pitch a story to you? Email? Phone? Twitter? By mail?

Email is the best contact, brian.honan(at)bhconsulting(dot)ie or via Twitter @brianhonan.

Q. Who is worth listening to (about IT security) and what’s your favourite blog?

Those that are engaged in the trenches in dealing with IT security issues and tend not to put a marketing or sales spin onto the topic.  A good list of people on Twitter to follow is Tripwire’s Top 25 Influential People to Follow on Twitter http://www.tripwire.com/state-of-security/it-security-data-protection/top-25-influencers-in-security-you-should-be-following/

Q. What is your favourite piece of technology?

The Internet, I know it is composed of many different technologies but when you think about how it has changed our lives, both personal and business, it is amazing.

Q. What do you think is the most important development in IT security to date?

I think one of the most important developments in IT security to date is the information sharing forums or groups that have been set up to help organisations, both private and public, to share information and intelligence on criminal activities and devise strategies on how to address them.  While technology will help us tackle some of these threats, it is humans at the end of the day who are actually posing the threats and it will be humans working for the common good that ultimately can best address those threats.   So the setting up and running of the first CERT, CERT/CC www.cert.org, was a major forwarding initiative and one that is still paying dividends today.

Q. What is the best piece of advice for companies pitching stories?

Avoid the FUD (Fear Uncertainty and Doubt) approach, the sky is not going to fall if someone does not use your product/service.  Yes do highlight the issue but address it in a pragmatic way.  Also don’t brand your solution to solve the latest security buzzword or that your product could have prevented the latest headline security breach.

Q. Are you a social media lover? Which ones are you on? FB? LinkedIn? Twitter?

I love social media as it provides me with the opportunity to keep in touch with friends and peers and access the thoughts of some of the best minds in the industry. While I have a profile on Facebook I am not as active there as I am very wary about the way Facebook deals with the privacy of its users.  I am very active on Twitter (@brianhonan) and LinkedIn (http://www.linkedin.com/in/brianhonan).

Copyright ©Launchpad Europe 2012. All rights reserved. You may copy and distribute this material as long as  you credit the author where possible; the copies are distributed only for non-commercial purposes and at no charge; and you include this copyright notice and link to Countdown2Infosecurity.com, the original source of the work.



New Infosec show in town: Security B-Sides arrives in London – Call for speakers!

February 3, 2011

By Steve Gold, @stevewgold

It’s taken almost two decades, but Infosecurity Europe – held each spring in central London – has a rival. In the same week, no less!

Well, not exactly a rival – more a parallel universe called Security B-Sides, which is billed as an ‘unconference’ which takes place on day two of Infosecurity Europe’s three-day run across town.

Unlike Infosecurity, Security B-Sides – organised by a team of experienced volunteers – is a collaborative effort, with this, the first UK event, scheduled to have just a few hundred attendees.

There have been 13 events in the Security B-Sides calendar in the US, where the first ever conference, sorry, unconference, was held in parallel with Black Hat USA back in 2009.

The event looks interesting. It’s actually a shame that the conference is taking place in parallel with Infosecurity Europe, as the speaker list looks attractive, but given the fact that there will be around 12,000 warm bodies in London with an interest in IT security that week, it’s entirely understandable.

Like the low-key Chaos Computer Club conferences held each Christmas/New Year in Berlin, there will be presenters at Security B-Sides that will reveal riveting security geek stuff. And that’s just for starters.

The event stands a good chance of taking off and, if it does, it will probably move to just after Infosecurity Europe next year or the year after, making it an add-on event, in much the same way that Black Hat comes after DefCon in Las Vegas each summer.

Matt Summers, Security B-Sides’ London founder and a Symantec consultant, describes the event as a movement by the information security community.

“It is not your typical conference, as the events expand the spectrum of infosecurity discussions by encouraging participants to give voice, creation and refinement to the ‘next big thing’,” he added.

“The London conference has already seen an enthusiastic welcome from the Infosec community in the UK and Europe by having the quickest sell-out in Security B-Sides history,” he added.

Mike Dahn, founder of Security B-Sides worldwide, also added his voice, noting that B-Sides is about collaboration, not merely exposition.

“The events provide an open platform that gives security experts and industry professionals the opportunity to share ideas and insights, and develop relationships with others in the community. B-Sides London will provide a rare opportunity for attendees and speakers to directly connect and create trusted relationships with key members of the security community,” he said.

Verdict? Definitely worth checking out – if you’re quick, you might even be able to present at the event. Deadline for submissions is February 15th.

http://bit.ly/BSidesLondon