Archive for the ‘Infosecurity’ Category

h1

Award Opportunity: Submit your entries to the SC Awards by January 16th!

January 9, 2015

By Rosalind Carr, @Rosalind_at_O

SC Awards 2015

Infosec players have just a week left to enter

Is your company or client dedicated to infosecurity? If you have a top class cloud computing security solution, fraud prevention solution, mobile security invention – or any other infosecurity service for that matter – then the SC Awards Europe could be for you!

The European awards welcome all information security vendors, service providers and professionals – split into three main categories of Threat Solutions, Industry Leadership and Professional Awards.

Sub-categories include…

  • Best Advanced Persistent Threat (APT) Protection
  • Best Computer Forensic Solution
  • Best Data Leakage Prevention (DLP) Solution
  • Best Email Security Solution
  • Best Web Content Management Solution
  • Best Emerging Technology
  • Best Security Team

Read the rest of this entry ?

h1

@CyberSec_EXPO call for speakers deadline 7th April

March 28, 2014

By Rosalind Carr, @Rosalind_at_O

 

IP-EXPO-EuropeCyber-Security-Expologo

 

In its first year, Cyber Security EXPO, part of IP EXPO Europe 2014, is in search of senior information security and technology experts to present at this targeted information security event. According to the event’s Content Director Mike England, “Cyber Security EXPO will delve into the issues set to disrupt the status quo in cyber security thinking with a view to providing visitors with a real understanding of the challenges that are impacting on their organisations.”

Taking place from 8th – 9th October 2014 at ExCeL London, Cyber Security EXPO will incorporate a dedicated CISO conference plus education theatres and a significant exhibition. It will examine major themes, including:

  • Internet & Network Security
  • Fighting Cyber-Crime
  • Log Data & Advanced Analytics
  • Identity & Privacy Protection
  • Cloud Security & Governance
  • Mobile Device Management

Read the rest of this entry ?

h1

Black Hat USA opens early registration for annual infosecurity event in Las Vegas

March 12, 2013

By Rosalind Carr, @Rosalind_at_O

BlackHatLogo2Black Hat returns to Las Vegas for its annual infosecurity event. Offering a number of opportunities for the infosec community, the event boasts more than 70 training workshops such as Advanced Malware Analysis, Attacking, Defending and Building SCADA systems and Android Application Hacking to name a few. Don’t hang about though- these informative sessions fill up quick. Click here to register under the earlybird offer before May 31st.

Copyright ©Launchpad Europe 2013. All rights reserved. You may copy and distribute this material as long as  you credit the author where possible; the copies are distributed only for non-commercial purposes and at no charge; and you include this copyright notice and link to Countdown2InfosecurityExpo.com, the original source of the work.

If you have any questions, please contact Launchpad Europe, info@launchpad-europe.com.

h1

Infosecurity Europe Call for Papers Deadline Approaching

December 10, 2012

By Olivia Shannon, @Olivia_at_O

Confirmed exhibitors at Infosecurity Europe 2013 have just two days left to prepare their speaker submissions. The official call for papers is available here. Don’t worry if you’re having trouble narrowing down your speaking topics to just one: Each company may submit a maximum of three speaker submissions. Just remember to keep your pitches vendor-neutral, because sales and product pitches will not be accepted. A guidance document with advice on preparing your submissions is available here. The deadline is this Wednesday, 12th December.

h1

#RSAC exclusive: Q & A with @InfosecEditor AKA Eleanor Dallaway, Editor of Infosecurity Magazine

March 8, 2012

Eleanor at the tea room enjoying a traditional English tea California style

By Rose Ross, @Rose_at_O

At RSA in San Francisco last week, we were fortunate enough to grab a bite with Eleanor Dallaway, Editor and Associate Publisher of Infosecurity Magazine, which was recently rebranded and relaunched. Our lunch and learn was an excellent opportunity to find out more about Eleanor and her publication. This is what we learned over our cream tea in the Yerba Buena Gardens above the Moscone Center.

Q.  Tell us a bit about yourself: 

I’ve been on Infosecurity Magazine for six years, and I’ve been Editor for nearly four of those years. I have also been associate publisher of the magazine for almost a year, which means I serve as a bridge between the commercial side and the editorial team.

When I started with Elsevier, the publishing company that owned Infosecurity Magazine, I was also working on Metal Powder Report — quite an eye-opener after covering things like alcoholism and other student-related issues for Label, a lifestyle publication with links to Loughborough University, where I studied English. Before Label, I got journalism experience on the news desk and then features desk for a local newspaper, the Leicester Mercury.

 Q. Tell us a little bit about Infosecurity Magazine

Infosecurity Magazine focuses on the business and strategy side of infosecurity. It doesn’t do product reviews, for example. Instead we look at how security integrates into the business. We are very end user focused. Read the rest of this entry ?

h1

Up close and personal Q and A with infosecurity Security Watch blogger @BrianHonan, a diamond from the Emerald Isle

January 18, 2012

By Rose Ross (@Rose_at_0)

As 2012 dawns, we have had the pleasure of getting an audience with renowned infosecurity blogger, Brian Honan. Keep an eye out for his blog SecurityWatch www.bhconsulting.ie/securitywatch if you aren’t already a fan.

Q.  Tell us a bit about yourself:

I am an independent information security consultant based out of Dublin Ireland.  When not providing services to my clients I enjoy writing articles for various magazines, blogging to my own site and now to Infosecurity Magazine Blogs, editing the SANS NewsBites and writing the occasional books are one way that I can articulate some of my ideas and reach a wider audience.  I believe that a key element in our battle against criminals is sharing knowledge and information.  I don’t pretend to know all the answers but if some of what I write makes people think differently, discuss an issue in more detail or look at an issue in a different way, then it is worth the time and effort put into the piece.  I have also published and contributed to numerous whitepapers on information security and also speak regularly at various conferences and seminars.  I also founded and run Ireland’s Computer Emergency Response Team, IRISSCERT www.iriss.ie.

Q. Tell us a little bit about the blogs you write for and their interest in data security.

My own blog, SecurityWatch www.bhconsulting.ie/securitywatch, is where I do a lot of my posting.  Although, of late my rate of posting has dropped off.  Likewise I used to regularly blog to the Infosecurity Magazine blog http://www.infosecurity-magazine.com/blog/ but have not done so in a while.  One of my resolutions this year is to address this deficit and update both blogs more regularly.   SecurityWatch is my own company’s blog so I use it to make people aware of some of the work we do, new industry initiatives, upcoming security events and also post some of my musings on information security.  Infosecurity Magazine is one of the industry’s leading publications on information security and I tend to post more strategic or information security management issues.

Q. What’s hot in IT security this year?

I always worry when people focus on what is hot in IT security.  My concern is that if we look at what is hot we tend to overlook the basics which in turn can lead to system compromises.  However, providing organisations continue to take a risk based approach and address the basic disciplines in information security then the areas I see being hot this year are the consumerisation of IT, cloud computing, hacktivism and security awareness.  Consumerisation of IT covers not just allowing employees to use their smartphones, tablets or personal PCs to work on but also personal services such as personal email accounts, file sharing solutions, online collaboration tools and social networks.  Given the ease of use with these devices and services and also how tech savvy many people are today, those responsible for security can no longer simply ignore this issue and need to see how best to integrate into their work place and manage the associated risks.  Cloud computing will continue apace this year and as more and more business people see the benefits that the cloud can bring, IT security needs to grasp this nettle and ensure cloud is embraced into their organisations in a secure manner or they will be simply bypassed by the business.  Remember you do not need to be technical anymore to deploy and use many cloud services.  You simply need a credit card and a mouse.  Anonymous and other groups such as Lulzsec have focused the spotlight in 2011 onto hactivism with many major organisations hitting the headlines as a result, for all the wrong reasons.  However, while hacktivism is nothing new the increasing media exposure to the likes of Anonymous is encouraging many others to come forward and use the Internet as a means to demonstrate their displeasure at the way companies, individuals or governments are behaving.  So I see an increase in these type of attacks this year and already we are seeing an example of this with the tit for tat exchanges that are currently happening between activists in Israel and Saudi Arabia.  In order to help minimise the risk of the above topics and to address the traditional and on-going threats we face I see many organisations looking at how to better educate their users to be more aware of information security risks and how to deal with them.

Q. How many security events do you attend each year?

I try and attend as many as I can, work permitting.  Being based in Ireland means that for many major events I have to travel so I have to be rather choosy on which ones I go to.  I always make sure that each year I get to attend both Infosec Europe and RSA Europe.  I find these are great events to get to meet others in the industry and to keep up to date with what is going on.  Last year I attended and spoke at BsidesLondon and found it to be an excellent event and hope to attend again this year.  I also run the Irish CERT’s Annual Cybercrime conference in November and it is fast becoming one of the top security events in Ireland.  I also look to attend local chapter events for organisations such as ISSA, ISACA and OWASP.  These events are excellent in allowing people to network with their peers in the local area and to discuss issues of common interest.  If you cannot get to attend any of the major events I would strongly recommend people look towards their local ISSA, ISACA and OWASP chapters for their events.

Q. Which one are you most looking forward to?

I look forward to Infosec Europe and RSA Europe a lot as I get to meet friends and peers that I may not see as regularly as I wish.  It is often a chance to meet with new people or to come across a new product idea or interesting speaker.  While it requires a lot of work, the Irish CERT Cybercrime conference is also a favourite as it is an opportunity for us to invite great speakers to address an Irish audience and for those attending to network with each other.

Q. What types of stories or companies are likely to attract your attention this year?

Those that look at addressing the basic issues in IT security and look to engage with the community on dealing with those issues.  This approach though is not attractive to many in marketing as it requires investing time and resources in building up relationships and  can be a long slow burn to achieve any direct results.  But from the organisations I have seen take this approach the dividends gained can be quite large.

Q. What’s the best way to pitch a story to you? Email? Phone? Twitter? By mail?

Email is the best contact, brian.honan(at)bhconsulting(dot)ie or via Twitter @brianhonan.

Q. Who is worth listening to (about IT security) and what’s your favourite blog?

Those that are engaged in the trenches in dealing with IT security issues and tend not to put a marketing or sales spin onto the topic.  A good list of people on Twitter to follow is Tripwire’s Top 25 Influential People to Follow on Twitter http://www.tripwire.com/state-of-security/it-security-data-protection/top-25-influencers-in-security-you-should-be-following/

Q. What is your favourite piece of technology?

The Internet, I know it is composed of many different technologies but when you think about how it has changed our lives, both personal and business, it is amazing.

Q. What do you think is the most important development in IT security to date?

I think one of the most important developments in IT security to date is the information sharing forums or groups that have been set up to help organisations, both private and public, to share information and intelligence on criminal activities and devise strategies on how to address them.  While technology will help us tackle some of these threats, it is humans at the end of the day who are actually posing the threats and it will be humans working for the common good that ultimately can best address those threats.   So the setting up and running of the first CERT, CERT/CC www.cert.org, was a major forwarding initiative and one that is still paying dividends today.

Q. What is the best piece of advice for companies pitching stories?

Avoid the FUD (Fear Uncertainty and Doubt) approach, the sky is not going to fall if someone does not use your product/service.  Yes do highlight the issue but address it in a pragmatic way.  Also don’t brand your solution to solve the latest security buzzword or that your product could have prevented the latest headline security breach.

Q. Are you a social media lover? Which ones are you on? FB? LinkedIn? Twitter?

I love social media as it provides me with the opportunity to keep in touch with friends and peers and access the thoughts of some of the best minds in the industry. While I have a profile on Facebook I am not as active there as I very wary about the way Facebook deals with the privacy of its users.  I am very active on Twitter (@brianhonan) and LinkedIn (http://www.linkedin.com/in/brianhonan).

Copyright ©Launchpad Europe 2012. All rights reserved. You may copy and distribute this material as long as  you credit the author where possible; the copies are distributed only for non-commercial purposes and at no charge; and you include this copyright notice and link to Countdown2Infosecurity.com, the original source of the work.

If you have any questions, please contact Launchpad Europe, info@launchpad-europe.com.

h1

Q and A with a very likeable and ethical hacker: Steve Mansfield-Devine AKA @contrarisk – Editor of Network Security and Computer Fraud & Security

December 21, 2011

By Rose Ross, @Rose_at_O

Well infosec PR peeps, Christmas certainly has come early this year. If you need a code to crack or a lock to pick. Who ya gonna call? Steve Mansfield-Devine of course….

Q. Tell us a bit about yourself:
I’ve been a journalist for 30 years, freelance for most of that time. I’ve covered all kinds of subjects, from gaming in Nevada to life in the US Marines. I’m a private pilot and so have written for flying magazines. And I do some work in the defence sector. But overwhelmingly my beat has been technology. I started to specialise in infosecurity a few years ago and became editor of Network Security and Computer Fraud & Security about 18 months ago. This year I became a Certified Ethical Hacker (CEH).

Q. Tell us a little bit about the titles you write for and their interest in data security.

Network Security and Computer Fraud & Security are monthly, subscription-only journals aimed at infosec professionals and institutions. They focus mostly on technical issues, although we do cover infosecurity strategies and policies. We assume a high level of knowledge on the part of our readers and run in-depth features, typically starting at 2,000 words and often running as long as 6,000.

Q. What’s hot in IT security this year?

People can’t seem to stop talking about comsumerisation, which is clearly an issue. And the cloud is making a lot of people very obsessive – to an exaggerated degree, I think. There’s been a lot of talk about ‘hacktivism’ too, of course, but I think that’s also over-hyped. The likes of Anonymous and LulzSec are media-friendly – especially to those parts of the media that don’t understand infosecurity. But from both a technical standpoint and a business impact perspective, it’s fairly trivial stuff. That may change if the volume of hacktivism increases. There’s an associated issue, which isn’t hacktivism per se, but which I think is far more significant, and that’s how people are using communication networks in support of genuine activism, as in the case of the Arab Spring. And there’s the dark side of that, too, with the attempt by various authorities to kill thse networks as an act of oppression. That’s going to be a very interesting area to watch.

Q. How many security events do you attend each year?

I try to get to three or four. Being based in rural France makes it a little difficult sometimes. But InfoSecurity is a must, and RSA is high on my priority list.

Q. Which one are you most looking forward to?

SecurityBsides London. Last year was the first time it was held in London and I found it invaluable. I got to meet a lot of people who actually do security – rather than selling it or talking about it. I got to talk to a number of pen-testers and security professionals who were able to give a very different picture to the glossy products that tend to dominate trade shows.

Q. What types of stories or companies are likely to attract your attention this year?

The mobile market is getting very interesting. When it comes to malware and other exploits, Android is starting to look like the Windows 98 of the 21st Century. With smartphones outselling PCs and the rise of tablets, mobile networking is where the action is going to be from a security perspective. That, of course, is why so many people are focused on consumerisation. But that’s just about Bring Your Own Device issues: mobile is a hot topic that extends well beyond the problems of securing smartphones within the corporate perimeter.

Q. What’s the best way to pitch a story to you? Email? Phone? Twitter? By mail?

Definitely email – smd[at]contrarisk[dot]com. You may be lucky and get my attention via Twitter (@contrarisk), but I can’t guarantee it. Never by phone.

Q. Who is worth listening to (about IT security)?
Pen-testers. They know where the bodies are buried. Strangely, that saying is usually metaphorical…

Q. What is your favourite piece of technology?

My iPhone. Sometimes I even use it as a phone.

Q. What do you think is the most important development in IT security to date?

That’s a very broad question. What strikes me as the most significant issue in security is what hasn’t happened – and that’s to do with our inability to get to grips with the Layer 8 problem. For all our fancy new technology – next-generation firewalls, IPSs, Security as a Service – we still continually fall prey to our inability to adopt secure habits. That affects everyone – from software writers who don’t build security into the development lifecycle, and still produce code vulnerable to buffer overflows or SQL injection, to individuals who re-use weak passwords and fall victim to even the most blatant social engineering tricks. Computers and the Internet are now such an intrinsic part of the fabric of our lives that it’s time we put some real effort into raising awareness.

Q. What is the best piece of advice for companies pitching stories?

Make them technical. I want details, facts, figures, examples and practical information — not opinion. We get offered way too many high-level opinion pieces.

Q. What was the best press trip you’ve ever been on? Worst? Why?

Oh well, that goes way back (as I do). It would have to be the NATO press trip to watch an amphibious assult exercise in the Med. Doing a catapault launch from the USS Eisenhower was definitely a high spot.

Q. Are you a social media lover? Which ones are you on? FB? LinkedIn? Twitter?

I use Twitter, though I can’t say I love it. I’m on LinkedIn, which is genuinely useful. I also use Facebook and definitely hate that.

Q. Tell us something no one knows about you. Do you have any unusual or unexpected hobbies/interests? Do you have a claim to fame?

My phone number was printed in the first edition of the Hacker’s Handbook, back in 1985. That led to some very interesting late-night calls. And my latest hobby, with which I’m currently obsessed, is lock picking…