I'm currently a senior security analyst for a consulting firm - Jacob and Sundstrom, but I'll be changing jobs in about a month to become a research engineer for Sourcefire. I've been involved with computer security for about eight years and it's been the most rewarding time in my career. I've worked with computers my entire career as a programmer, systems programmer, administrator, etc. and always enjoyed the work, but I've found security, particularly intrusion detection, fascinating.
I've been teaching and writing courseware for SysAdmin, Audit, Networking and Security (SANS) for over three years. That has kept me pretty busy and left little spare time, but I still manage to do some cycling in the more clement months. In years past when I was more active and fit, I biked in Colorado, Montana, Arizona, New Mexico, and Vermont in pursuit of finding mountains. I enjoy the challenge of a good climb and the thrill of getting to the top. It's about the only time my mind isn't preoccupied with 50 million other annoying thoughts since you pretty much have to concentrate all your effort on being in the correct gear, keeping hydrated, not falling over and taking in the awesome scenery.
How did you gain interest in computer security?
Actually, it was a rather fortunate accident. I've been doing computer-related work since graduating from Jurassic Park University years ago. I was doing UNIX system administration about eight years ago at a site that had over forty computers compromised due to lack of security awareness and protection. Computer security wasn't really an issue back then and the site had a packet-filtering router that was more a sieve and less a barrier to traffic for their perimeter defense. The site only learned of the compromises from a more security-aware site that discovered our compromised computers attacking theirs - how embarrassing. As an aftermath to the whole horrible incident, I was asked to join a computer security team that they formed. We were pretty naive and ignorant at the time, but you can't stay that way for long and defend your site!
Which are your favourite security tools and why?