Archive for August, 2009

Episode 44 – Can IT Security, Operations, and Senior Management Speak the Same Language?

Friday, August 28th, 2009

In this third conversation between BigFix CTO Amrit Williams and Cambridge Infosec Associates principal Nick Selby, Selby says that IT security, operations and general management suffer greatly from poor communications. Lack of a common language not only prevents cross-functional security programs, but even inhibits discussion of security issues in business-like terms. Here, security professionals need to stop talking about “threats” and be able to articulate calculated “risks” to the organization’s vital interests emanating from IT security concerns.

Podcast


Episode 43 – The Oil and Water Relationship of Compliance and Security

Tuesday, August 25th, 2009

BigFix CTO Amrit Williams continues his conversation with Cambridge Infosec Associates principal Nick Selby, turning to Selby’s view that too many organizations confuse IT compliance with security. Here, senior managers often find themselves asking, “Why did we suffer a security breach when we were in compliance with regulation X?” Selby also believes that IT security staffs are sometimes guilty of manipulating the compliance mission to attract funding and backing for security programs.

Podcast


Episode 42 – The Education of an IT Risk Management Consultant

Friday, August 21st, 2009

BigFix CTO Amrit Williams and Nick Selby, co-founder of Cambridge Infosec Associates, talk about Nick’s new security risk management consulting company. Amrit and Nick also recall their previous work as information technology industry analysts at, respectively, Gartner and The 451 Group. They agree that their work at these firms was excellent preparation for their current roles as security and system management company CTO and risk management consultant.

Podcast


Episode 41 – Security B-Sides: Party With a Purpose

Tuesday, August 18th, 2009

BigFix CTO Amrit Williams gets the lowdown on the Security B-Sides events from Jack Daniel, self-described Security Curmudgeon. Security B-Sides have grown up rapidly as a forum for papers and presentations that did not make it onto the official program at the Black Hat and Defcon conferences due to time and logistics limitations. Daniel reports on this year’s B-Sides, which brought together security luminaries at a private residence five miles off the Vegas Strip for informal information exchange, purposeful relaxation, and professional socialization. Better yet, Security B-Sides is growing into a series of events around the US, with the next installment scheduled for San Francisco on the fringes of the 2010 RSA Conference. For more information, visit www.securitybsides.com

Podcast


Episode 40 – Taking Care of the Fundamentals

Friday, August 14th, 2009

BigFix CTO Amrit Williams meets up with IT Security Curmudgeon Jack Daniel to talk about practical approaches to IT security for small and medium businesses (SMB). In Daniel’s view, smaller organizations would do themselves a world of good by taking simple and prudent measures to reduce security risks rather than reacting to the latest reports of exotic attacks on high-value infrastructures. As the old saying goes, one does not need to outrun bears so much as run faster than other people being chased. For more on Jack Daniel, visit http://blog.uncommonsensesecurity.com/

Podcast


Episode 39 – Compliance: Security Floor or Ceiling?

Wednesday, August 12th, 2009

BigFix CTO Amrit Williams speaks with Ryan Russell, who reports on this year’s Black Hat and Defcon conferences, with special emphasis on Johnny Long’s Hackers for Charity talks at the shows. Johnny has moved his family to Uganda and in the last several weeks has set up computer classrooms in the country and attracted the support of the Uganda Ministry of Energy. For more on Hackers for Charity, visit http://johnny.ihackstuff.com/ and, while you’re there, why not make a contribution to the BigFix Hackers for Charity Matching Fund?

Podcast


Episode 38 – Black Hat, Defcon, Hackers for Charity and More

Friday, August 7th, 2009

BigFix CTO Amrit Williams speaks with Ryan Russell, who reports on this year’s Black Hat and Defcon conferences, with special emphasis on Johnny Long’s Hackers for Charity talks at the shows. Johnny has moved his family to Uganda and in the last several weeks has set up computer classrooms in the country and attracted the support of the Uganda Ministry of Energy. For more on Hackers for Charity, visit http://johnny.ihackstuff.com/ and, while you’re there, why not make a contribution to the BigFix Hackers for Charity Matching Fund?

Podcast
