Archive for the ‘Uncategorized’ Category

Episode 45 – Clouds, Communities and New Models for Anti-Virus

Tuesday, September 1st, 2009

Amrit Williams, BigFix CTO, talks with Al Huger, serial security start-up entrepreneur, about Huger’s latest venture, Immunet. Huger believes that the rapid mutation of malware has outstripped the ability of signature-based anti-virus products to cope with it. Immunet proposes a community-based cloud approach, in which communities of similarly used computers (for example, an enterprise office-worker community, or an 18-25-year-old social media junkie community) share information in a cloud and take measures to stop aberrant behaviors. Although Huger says his company focuses initially on consumer markets, Amrit believes that enterprises might also take to this approach.


Episode 44 – Can IT Security, Operations, and Senior Management Speak the Same Language?

Friday, August 28th, 2009

In this third conversation between BigFix CTO Amrit Williams and Cambridge Infosec Associates principal Nick Selby, Selby says that IT security, operations and general management suffer greatly from poor communication. The lack of a common language not only prevents cross-functional security programs, but even inhibits discussion of security issues in business-like terms. Here, security professionals need to stop talking about “threats” and be able to articulate calculated “risks” to the organization’s vital interests arising from IT security concerns.


Episode 43 – The Oil and Water Relationship of Compliance and Security

Tuesday, August 25th, 2009

BigFix CTO Amrit Williams continues his conversation with Cambridge Infosec Associates principal Nick Selby, turning to Selby’s view that too many organizations confuse IT compliance with security. Here, senior managers often find themselves asking, “Why did we suffer a security breach when we were in compliance with regulation X?” Selby also believes that IT security staffs are sometimes guilty of manipulating the compliance mission to attract funding and backing for security programs.


Episode 42 – The Education of an IT Risk Management Consultant

Friday, August 21st, 2009

BigFix CTO Amrit Williams and Nick Selby, co-founder of Cambridge Infosec Associates, talk about Nick’s new security risk management consulting company. Amrit and Nick also recall their previous work as information technology industry analysts at, respectively, Gartner and The 451 Group. They agree that their work at these firms was excellent preparation for their current roles as security and systems management company CTO and risk management consultant.


Episode 41 – Security B-Sides: Party With a Purpose

Tuesday, August 18th, 2009

BigFix CTO Amrit Williams gets the lowdown on the Security B-Sides events from Jack Daniel, self-described Security Curmudgeon. Security B-Sides has grown rapidly as a forum for papers and presentations that did not make it onto the official program at the Black Hat and Defcon conferences due to time and logistics limitations. Daniel reports on this year’s B-Sides, which brought together security luminaries at a private residence five miles off the Vegas Strip for informal information exchange, purposeful relaxation, and professional socialization. Better yet, Security B-Sides is growing into a series of events around the US, with the next installment scheduled for San Francisco on the fringes of the 2010 RSA Conference. For more information, visit www.securitybsides.com


Episode 40 – Taking Care of the Fundamentals

Friday, August 14th, 2009

BigFix CTO Amrit Williams meets up with IT Security Curmudgeon Jack Daniel to talk about practical approaches to IT security for small and medium businesses (SMBs). In Daniel’s view, smaller organizations would do themselves a world of good by taking simple and prudent measures to reduce security risk rather than reacting to the latest reports of exotic attacks on high-value infrastructure. As the old saying goes, one does not need to outrun the bear so much as outrun the other people being chased. For more on Jack Daniel, visit http://blog.uncommonsensesecurity.com/


Episode 39 – Compliance: Security Floor or Ceiling?

Wednesday, August 12th, 2009


Episode 38 – Black Hat, Defcon, Hackers for Charity and More

Friday, August 7th, 2009

BigFix CTO Amrit Williams speaks with Ryan Russell, who reports on this year’s Black Hat and Defcon conferences, with special emphasis on Johnny Long’s Hackers for Charity talks at the shows. Johnny has moved his family to Uganda and in the last several weeks has set up computer classrooms in the country and attracted the support of the Uganda Ministry of Energy. For more on Hackers for Charity, visit http://johnny.ihackstuff.com/ and, while you’re there, why not make a contribution to the BigFix Hackers for Charity Matching Fund?


Episode 37 – Securing Web Applications: Improving the Application Development Life Cycle

Tuesday, July 28th, 2009

BigFix CTO Amrit Williams and White Hat Security CTO Jeremiah Grossman conclude their discussion of web application security by looking at ways organizations can build security features and resistance to attack into in-house developed web applications over their life cycles. While design-for-security should start in the initial specification and coding phases, security mindedness needs to continue throughout an application’s life cycle as the application evolves to meet changing technical and business requirements.


Episode 36 – Securing Web Applications: Instituting Operational Controls

Friday, July 24th, 2009

BigFix CTO Amrit Williams and White Hat Security CTO Jeremiah Grossman continue their discussion of web application security by looking at what kinds of operational controls organizations can institute to manage and protect web applications more effectively over their life cycles. Because many web applications are in-house efforts, this often requires organizations to make decisions and enforce policies that would otherwise be the domain of third-party application vendors.
