“A blind beggar had a brother who died. What relation was the blind beggar to the brother who died? ‘Brother’ is not the answer.” — a riddle

Bernard of Chartres wrote, “We are like dwarfs standing upon the shoulders of giants, and so able to see more and see farther than the ancients.” The answers to many problems in life are within our grasp if only we change our perspective. We just need to build upon the knowledge of others. This is one of the most powerful aspects of podcasts and blogs. Experts in all different fields are volunteering their time to provide valuable information.

Eric Cole put it well while talking with Gary McGraw on the Silver Bullet Security Podcast:

To be a good practitioner in network security, you really need to be creative. In the past, security were always the people who said “No”. “Can we do this?” “No, no, no.” If someone comes to you, and all you keep telling them is “no”, they just will not ask you anymore. Today security is all about saying “yes” in a creative manner. You really need to have that creative juices flowing, coming up with really unique solutions. You also have to have that thirst of knowledge because there are always new problems and issues.

I was surprised while talking to some fellow security professionals to hear them state they do not listen to podcasts. We all suffer from chronic lack of time. I knew a manager who would always come to meetings late, spend the whole meeting reading papers (today it would be on his laptop), and then at the end of the meeting ask questions requiring folks to repeat material already discussed. Many people viewed that manager as incredibly busy. They admired that about him. Now I liked the guy, but I hated attending meetings with him because he would waste my time. For me, podcasts provide an opportunity to slow down and listen to people talk about subjects they are passionate about. Sure, a lot of times I may be half listening. Still, I feel I gain from slowing down and listening to people talk.

Recently, I had to do a bit of driving. I spent twenty-six hours driving in a ten-day period. This provided me the opportunity to listen to a good deal of the podcasts I had fallen behind on. While I will post podcasts of interest under “Recent Podcasts” (bottom right), I wanted to focus on a few of these podcasts.

Silver Bullet Security Podcast

A consistently strong podcast is the Silver Bullet Security Podcast by Gary McGraw. The podcast comes out just once a month. I have already mentioned the most recent episode with Eric Cole in two blogs. Here is a description (from the site) of Eric’s Interview, “Gary talks with Eric Cole, CEO of Secure Anchor. Eric has written seven books on computer security, including books on steganography and network security. Gary and Eric discuss how to demonstrate security ROI in different types of organizations (ranging from government to corporate), the academic approach to security versus practitioner certification models, and what kinds of training makes for good network security practitioners. They also discuss the difficulty of certifying software developers.”

CERT’s Podcast Series: Security for Business Leaders

This podcast comes out once every few weeks and is a must listen in my book. I really enjoyed the “Tackling Security at the National Level: A Resource for Leaders” episode featuring Jeff Carpenter and Julia Allen. One outstanding aspect of this podcast is the show notes. Pulling from the executive summary, this episode discusses how “Not all information security incidents can be handled in-house. Some require coordination with third-party forensics firms or law enforcement personnel, others with external partners or suppliers, and still others with national or global organizations. In these latter types of incidents, the expertise of a national CSIRT (Computer Security Incident Response Team) can be a valuable resource for business leaders … In this podcast, Jeff Carpenter, the technical manager of the CERT Coordination Center, discusses how national CSIRTs work and how business leaders can make use of national CSIRTs’ expertise to handle large-scale, critical situations as smoothly as possible.”

ITRadio.com.au

It might seem odd going to Australia for security news, but there is something about the two shows on ITRadio.com.au that I simply enjoy. I don’t think it is only the accents, though I do appreciate the hosts greatly. ITRadio.com.au produces two enjoyable shows:

  • Risky Business, the weekly IT security podcast produced and hosted by Patrick Gray
  • A Series of Tubes, the networking and integration podcast with Ian Yates.

Patrick Gray is the founder of ITRadio.com.au and a freelance journalist specialising in IT security. Ian Yates is a veteran IT journalist who has won two awards for his opinion columns; Consensus IT Writers Awards Most Entertaining Writer and MediaConnect IT Journalism Awards Best Technology Columnist.

The most recent “A Series of Tubes” podcast is titled “Backing it up.” I really enjoyed this episode, which might indicate I need to get out more. To quote the site, “Freelance journalist Adam Turner, who writes for The Age and The Sydney Morning Herald, brings us up-to-date with the latest news in networking and systems integration. Greg Wyman from StorageCraft talks about the benefits of snapshots. Clive Gold from EMC reminds us not to forget the data hiding on desktop PCs. Analyst Kevin McIsaac from IBRS warns us not to believe everything we hear. Ronnie Altit from Dimension Data says offsite is safest.”

The most recent “Risky Business” podcast is titled “Embassies pwned, adware suits and APEC.” The episode, to quote the site, covers, “Host Patrick Gray and ZDNet Australia editor Munir Kotadia discuss the week’s headlines. RSA Security’s country manager discusses secure telecommuting. PC Tools chief executive Simon Clausen does a postmortem on the failed adware company lawsuit against his company and Kaspersky labs. Robert Lording, Verizon Business Security Solutions network security manager discusses the telco’s role in preventing the spread of malware.”

Security Round Table

This podcast does not occur at any kind of consistent schedule. When it does come out, it brings together an all-star cast from the security field. The latest episode, “The Security Round Table for August 2007 – Security Career Success” brought up many points that I found myself thinking about. Particularly the idea of a career versus a job. I will not say anything further; you will need to listen to the podcast. The site describes the show as having “assembled an expert panel to explore the keys to a successful security career – and how you can find the perfect job for you. We recorded this discussion on Tuesday, August 14th 2007 and present it now for your listening pleasure.”

CyberSpeak

Bret Padres and Ovie Carroll, two former federal agents, “talk about computer forensics, network security and computer crime” on their podcast. These guys are just great to listen to. They know what they are talking about. Their shows have not been too regular lately. I am amazed at podcasters who can keep regular schedules. Enjoy the shows when they come out. The shows will generally cover recent news and then be followed by an interview. I believe on their CyberSpeak 29 July 2007 episode, they discussed Apple forensics; a very interesting topic to me.

IT Conversations

IT Conversations is one of those podcasts that is somewhat difficult to describe. They describe themselves as “an online publisher of recordings of spoken-word events such as conferences, lectures and meetings as well as shows hosted by experts in their fields.” Phil Windley is the executive producer. If I had more time, I would listen to all of IT Conversations’ podcasts and would be a much more rounded IT person. As it is, I’ll listen to as many as I can and regrettably skip over some.

An example of a recent podcast was with Chris Sacca titled, “Unlicensed Spectrum: Tales from the Lamppos.” This episode was described as, “as more and more services and opportunities become available on the World Wide Web, the gap between those who are connected and those who aren’t is becoming an increasing problem. Access to the internet is certainly not yet ubiquitous, and where it is accessible the costs are often high, and the choices for service low. In this talk, Chris Sacca, the Head of Special Initiatives at Google, Inc., explains some of the trials and tribulations that Google faced while installing its free Wi-Fi network in Google’s hometown of Mountain View, California.” I, along with Greg Cole, many many years ago were principal developers for the community network for the Knoxville Oak Ridge Regional Network (KORRNet). It is interesting to hear the same battles are going on. Fortunately, Google’s war chest is a bit larger.

Another great episode was with Andrew Jaquith and Dan Geer. Phil Windley has a consistently informative show on IT Conversations titled Technometria. A recent episode titled “Technometria: Security Metrics” can be described as “in The Book of Risk, Dan Borge writes that ‘the purpose of risk management is to change the future, not to explain the past.’ The subtitle of Andrew Jaquith’s book is ‘Replacing Fear, Uncertainty, and Doubt’ and that is a clear description of the purpose of security metrics. Phil and Scott are joined by Andrew, as well as Daniel Geer, Vice President and Chief Scientist of Verdasys. The group discuss the concepts and purpose of metrics in security management. Andrew and Dan first review their backgrounds and what led them to become involved in technology security. They talk about how they quickly discovered that it was important to quantify security issues, particularly as a way to better predict future problems. Jaquith also discusses his book in detail, starting with the concept of the ‘Hamster Wheel of Pain’. They assess why people fail to properly measure security as well as what makes a good metric.”

Gartner Voice

This podcast can be a hit or miss with me. I keep an ear on business, but there is much about business that does not interest me. Their show, “A Conversation with Michael Oxley” was a grand slam. This show provided an opportunity to listen to Michael Oxley, former U.S. Congressman, co-author of the Sarbanes-Oxley Act and Vice Chairman of the NASDAQ, elaborate on his career.

Enterprise Leadership

Tom Parish does a good job interviewing “industry thought leaders and innovators.” I like to listen to CIOs talk because these are the folks to whom I need to explain why and how security needs to be implemented within the company. The show describes itself as, “a collaborative site dedicated to sharing knowledge about IT, business, and the business of IT.” Having worked for DOE, I enjoyed the episode “Charlie Catlett: Stretching the Boundaries from TeraGrid to Second Life.”

Concluding Remarks

There are many more great podcasts. Since I want to finish up this post and get to bed, I’ll refrain from spotlighting any more. Please do look at the podcasts listed under “Recent Podcasts” and the “Podcast” page on this site.

As for the answer to the quoted riddle that started this blog, follow the link. Always remember, I do not blog because I love to read my own words. Those words are rambling around my head all the time, so I get to hear them continuously. My postings are about the links. If you follow the riddle’s link, you will find yourself at a very interesting site, SharpBrains. The site states its mission is to raise public awareness of science-based cognitive and emotional training research and programs. If you follow the link on the photo, it will take you to Mycoted which is a UK based company that specialises in Creativity and Innovation.

We live during a fascinating time where so much knowledge is at our fingertips. Sure, there are dangers. That is why I so enjoyed hearing Eric Cole. I know of many security professionals that express total disdain for technologies being developed today. I understand; it would make the life of the security engineer so much easier if we could just say “no.” Interconnecting all these people from different walks of life and countries was an extremely risky thing to do. What ever were we thinking? For the sake of security, would it not be easier to just say “no” to the Internet? That is not our job. Our job is to support business requirements. If to help our business operate more efficiently, the business needs to collaborate and share information in innovative ways, then we need to know the technologies. We also need to be figuring out how to secure these new technologies. To do this, we need to listen and learn.
