After a great week in Michigan, tonight we pack up and prepare to head to Ohio tomorrow. Friday promises to be busy and exciting – and then on Saturday, we head to Maryland (Metro DC) for a week. Which brings me to the gifts I promised:

Join a conversation, get a free copy (hardcover) of Into the Breach

First – while in Maryland, I am attending CSI next week in support of the CompTIA Security Trustmark. It turns out that a chapter of Into the Breach examines how to evaluate, build and improve “third party trust” – what we need for success with our service providers and other vendors.

CompTIA Security Trustmark is hosting a handful of “catalyst conversations” to discuss my findings and examine how the industry handles this today, and what we can do in the future. This is not a sales pitch; rather, this is an opportunity to come together and work toward a common solution.

For those invited to attend, CompTIA will present you will your own copy of Into the Breach – which I will promptly autograph for you. Drop me an email – securitycatalyst (gmail) if you want to join us.

This leads me to my second offering…

Not going to CSI? Do you want to?

CSI was generous enough to share with me two ways for you to get involved:

* I can offer (I think) a free conference pass with full access – based on response. Here’s the deal – share with me the biggest challenge you face in changing how people protect information. The best answer gets a signed copy of the book and a pass to the show (I’ll hand you the book at the show).

* If you are already planning to attend, you can get 25% off your registration with code: BLOG25

I will do my best to both tweet (twitter id: catalyst) from CSI and report on interesting talks/findings from the floor. I will also be taking a limited number of vendor meetings to learn more about the products and solutions that make it easier for people to protect information. Shoot me a note if there is a product you want me to check out and report back on. 

If you enjoyed this post, make sure you subscribe to my RSS feed!

While in Kansas City next week, I have been invited (Thanks Ax0n!) to the Cowtown Computer Congress - and look forward to a relaxing - and engaging evening. If you are in or near the Kansas City area, I hope you make the time to come and spend time with other passionate professionals.

More details here: http://www.h-i-r.net/2008/10/catalyst-on-tour-michael-santarcangelo.html

If you enjoyed this post, make sure you subscribe to my RSS feed!

I am honored to be a speaker on protecting information for the Microsoft Small Business Summit on Wednesday. I fly out to Redmond on Tuesday morning - and have my moments during the day on Wednesday.

You can follow along live! At this link:

http://www.microsoft.com/smallbusiness/summit/

I am a day 2 speaker - with an impressive lineup of guests:

http://www.microsoft.com/smallbusiness/summit/guests.aspx

This is a live program, but I have been working with the producers for a few weeks now - and I am excited about the questions, thought process and opportunity to share some different thinking about what businesses need to do to protect them. More, we’re also going to explore how the right approach to protecting your business can actually save money and increase the opportunity for more revenue (as outlined in Into the Breach). To me, that’s a really cool conversation.

I hope you check it out. I look forward to the opportunity continue to conversations through this blog, the podcast(s) and as we fire up the diesel and head out on the road again (Friday - next stop, Kansas City!).

If you enjoyed this post, make sure you subscribe to my RSS feed!

With all the activity the fall brings, take a few moments to learn from your fellow catalysts - and the time to share your experiences. This is what unites us as professionals. Even when we feel we lack the time, making the time to engage brings benefit to every person involved.

I am also spending more time on twitter these days - and would love to engage in the conversation with you. You can learn more about twitter here: http://twitter.com/ and “follow” and chat with me here: https://twitter.com/catalyst

Discussion Forum Activity

Here are some recent discussions ripe for contribution or learning:

•  Standards Document Supporting an Encryption Policy
•  ISO 17799/27001/27002
• Researching malicious file types
• Need a Multi-function Inkjet (INTERESTING CAVEATS TO CONSIDER)
• Nevada & E-mail Encryption Requirement      

List of community blogger and podcasters

(I am working to ensure the list is accurate and separate out the blogs from the podcasts - let me know if you need to be updated/included)

What Security Blogs and Podcasts are represented in this community? (http://www.securitycatalyst.org/forums/index.php?topic=28.0)

Join our LinkedIn Group

For active members of the Security Catalyst Community; once I get the new laptop and have had a chance to catch my breath from the recent breakin, I’ll focus on cleaning up the linkedin list - and ensuring we take strides to meet and work together.

http://www.linkedin.com/groups?gid=27010

Here are some recent blog posts from Community Members that you may have missed:

• Scareware Ad From Skype?
• Change your passwords with your smoke detector batteries
• Forensic Time Dilatation
• New TCP vulnerability about trust, not technology
• The best anti-malware software out there…

About the Security Catalyst Community

We are a positively focused and supportive community that unites passionate professionals to achieve three goals:

(1) Provide a community where it is acceptable to be vulnerable and ask for help when you need it

(2) Create a community where anyone with an idea can share their approach in the pursuit of helping another. If today is your first day in security, welcome - share what you have learned without fear.

(3) Participate in a forum where members can share their passions, expand their thinking and find support with others who believe in making a positive difference.

Signing Up for the Security Catalyst Community

Your participation is your currency (means no charge to join) - the more you contribute the more you learn and the more valuable the community becomes to everyone (so dive in and share).

Registration Overview (NOTE THE NAMING CONVENTION)

      Go here: http://www.securitycatalyst.org/forums/

      Select the register link

      Follow the naming standard: firstname.lastname (include the period between first and last names)

      Your account will be reviewed and approved

      Jump in and share your thoughts!

Where is Michael - onTour Schedule & Updates

As we set out to journey the country, keep tabs on our schedule and opportunities to meet at www.catalystontour.tv or follow the progress of the book and speaking tour at www.intothebreach.com. As always, if you are on the way (or in the city we are heading), please contact me directly so we can meet. Our RV is our home, and our home is always open to our friends.

Coming Up:

Once the RV is repaired (working on it now) and our laptops restored (also in progress), we head right back out - and amazingly, don’t really miss a beat!

• Week of October 6: Albany, NY (pending RV repairs and insurance hand-to-hand combat)
• Week of October 13: Seattle for the MSFT Small Business Summit http://www.microsoft.com/smallbusiness/summit/
• Week of October 20: Kansas City for the MCSF Keynote http://www.mcsfonline.org/
• Week of October 27: Seattle (still confirming details)
• Week of November 3: Portland, Oregon, Keynote for: http://www.nwsecurityconference.com
• Week of November 10: (transit back to East Coast, perhaps via Dallas)
• Week of November 17: DC Metro (still confirming details) and Philadelphia, PA for a private briefing for the CSO Breakfast Club

If you enjoyed this post, make sure you subscribe to my RSS feed!

Taking advantage of the beautiful fall weather this weekend, my family and I attended a local apple festival. It was an excuse to get out of the house, get some fresh apple cider donuts and have some fun on a beautiful fall day.

On the ride there, my children asked for some jazz on the radio and then called out the different things they ‘saw’ in the clouds. The list was common (trains, dinosaurs, bull dozers…) - and encouraged my wife and I to gaze up to “see what we could see.”

The ‘apple festival’ was held on some local fairgrounds that are well established, including some museums, pavilions, horse stables and a music amphitheatre (well, it has a stage and benches). The real gem of the day was the music and the freshly cooked food that was a little less than the picture of perfect health.

With a batch of fresh-cut French fries, we sat on some benches and listened to a jazz group entertain the crowd. When the fries were gone, I lay back on the bench and just looked up at the sky. The ride to the festival still fresh in my mind, I started to look for patterns. The first few looked like inkblots to me, then I saw some x-rays and finally, the imagination kicked in and I saw dinosaurs, alligators and a host of other things. Soon, then entire family was looking up at the clouds - in the middle of the festival around us, we celebrated the clouds.

For a few minutes, I was entirely in the moment. I absorbed the fall hue the sky took on, enjoyed the clouds and was content with the world.

Then it hit me - we allow ourselves to be so focused on the technology and the need for immediate solutions that we fail to take the time to let the clouds roll by. This leads to  vicious cycle where the so-called solutions actually create more problems. When we can step back and just let things be - we can see them for what they are. More:

• We can look for simple solutions; the ones that probably work best and require the least.
• We can allow our creativity to come through - and we certainly need more of that in nearly every aspect of life.
• We can relax, experience life and find common, but powerful, ways to connect with those around us - whether friends and family or our colleagues (which for some of us comprise our friends and family)

Technology has a place in our solutions. We live in a dynamic world with some interesting and often complex challenges. Such challenges require equally dynamic - but SIMPLE solutions. The way to get to simple solutions is to step back, gather, absorb, ponder, plan and test. This leads to the right requirements that generate solutions that work.

Want to develop better solutions? Then create better requirements. Here are three steps to get started:

1. Take time to first understand - then engage in conversation to reach a mutual agreement on what the end goal is.

2. Enjoy some time to ‘look at the clouds’ and test a range of ideas - creativity counts. Stepping back with a more complete understanding allows for better requirements, better solutions and less overall complication.

3. Document the requirements independent of the solutions and use them as a guide.

There are more steps - and I will be explaining and using them in the coming months as we take a closer look at the burglary of our RV - and how it has improved our planning and actions on a personal, family and business level.

While you have the opportunity - step outside today and look up at the clouds. If you can’t see trains, dinosaurs, dragons, roller coasters and a heap of other things, then maybe more cloud gazing is the answer for personal and professional success.

Continue the conversation with me

•       On twitter: http://twitter.com/catalyst
•       In the Security Catalyst Community (scc): http://www.securitycatalyst.org/forums/index.php
•       By email or telephone: http://www.securitycatalyst.com/contact.php
•       OnTour - heading back out in a few days: www.catalystontour.tv (and I’ll be updating the schedule and other information this week)

About Michael

Michael Santarcangelo is a human catalyst. An expert who speaks on information protection — including compliance, privacy and awareness that works — Michael energizes and inspires his audiences to change the way they protect information. His passion is contagious and approach gets results that shifts thinking and changes behaviors. Add the Security Catalyst to our organization today to get the results necessary for success.

If you enjoyed this post, make sure you subscribe to my RSS feed!

I’ve mentioned that the two weeks “home” are being used to catch-up, plan and hopefully get ahead. With one week to go, I am making progress (especially on the marketing, blog and podcast fronts). In addition to planning and recording podcasts, I am also spending more time on twitter these days - and would love to engage in the conversation with you.

• learn more about twitter here: http://twitter.com/
• “follow” and chat with me here: https://twitter.com/catalyst

Discussion Forum Activity

Here are some recent posts in the community. Your voice and insights contribute to the conversation — join in!

• Infosec Tools for Law Enforcement [... two items in the past 24 hours started me thinking about how can we as a community help our local Law Enforcement Agencies?...]
• Mobile Field Technolgies [...Wondering if anyone has any security related research around service workers in the field...]
• Bootable Backtrack 3 thumbdrive with Nessus, Firefox 3 and Blackhat 2008 nmap [... guide on how-to create a bootable USB thumbdrive with Backtrack 3...]
• The Hidden Cost of Freeware - and why I don’t recommend it anymore [... this is based on the "conversation starter" I published - and has some great perspectives...]
• OPSEC for Out of Office Replies…

The Voices of the Community

List of community blogger and podcasters:

What Security Blogs and Podcasts are represented in this community? (http://www.securitycatalyst.org/forums/index.php?topic=28.0)

Join our LinkedIn Group (for active members of the Security Catalyst Community)

http://www.linkedin.com/groups?gid=27010

About the Security Catalyst Community

We are a positively focused and supportive community that unites passionate professionals to achieve three goals:

(1) Provide a community where it is acceptable to be vulnerable and ask for help when you need it

(2) Create a community where anyone with an idea can share their approach in the pursuit of helping another. If today is your first day in security, welcome - share what you have learned without fear.

(3) Participate in a forum where members can share their passions, expand their thinking and find support with others who believe in making a positive difference.

Signing Up for the Security Catalyst Community

Your participation is your currency (means no charge to join) - the more you contribute the more you learn and the more valuable the community becomes to everyone (so dive in and share).

Registration Overview (NOTE THE NAMING CONVENTION)

•       Go here: http://www.securitycatalyst.org/forums/
•       Select the register link
•       Follow the naming standard: firstname.lastname (include the period between first and last names)
•       Your account will be reviewed and approved
•       Jump in and share your thoughts!

Where is Michael - onTour Schedule & Updates

As we set out to journey the country, keep tabs on our schedule and opportunities to meet at www.catalystontour.tv or follow the progress of the book and speaking tour at www.intothebreach.com. As always, if you are on the way (or in the city we are heading), please contact me directly so we can meet. Our RV is our home, and our home is always open to our friends.

Coming Up:

•       Week of September 15: Nashville (ISSA Conference Keynote on Awareness that Works - with some special surprises)
•       Week of September 22: Las Vegas (Private briefing on Protecting Information Program)
•       Week of September 29: San Francisco/Bay Area (Applying PIP and the book approach to DLP)

If you enjoyed this post, make sure you subscribe to my RSS feed!

Is freeware really free?

Threats change. Solutions evolve. We no longer only face viruses, but now must contend with a multitude of attacks and other “bad things.” Whether speaking from the platform or offering our “Building Your Family Safety Net” seminar, here are the most important five actions for home computer protection (we handle networking and other elements in a different segment):

1.     Install and use a personal firewall

2.     Install and use anti-virus (and other protections, like anti-spyware, etc.)

3.     Select and use good passwords

4.     Use a regular user account instead of the administrative account

5.     Backup (and test) regularly

After sharing the list, a common question asked is, “What programs and brand should I use to protect my computer? From the platform, I work to remain neutral on brands and explain that using the solution is what counts - by keeping the program updated. That extended to freeware solutions, too. After all, this was a way to remain independent and still provide value, right?

Turns out my education is in social science with an emphasis on applied economics. Along the way, I wondered, out loud, if freeware was actually free. Economically speaking - which makes more sense - paying for a solution or building a “suite” to protect a PC from freely available solutions?

I recently had the opportunity to step back, put myself in the shoes of a user and experience the difference between piecing together a freeware suite versus a paid solution. This was a chance to step outside of my own expertise and beliefs and approach the situation with a fresh mind. As a professional speaker, I questioned whether I should be staying neutral and agnostic, or if I could provide more insights to help people make a better decision.

My experience and findings actually surprised me - and shifted not only my thinking, but also the recommendations I make from the platform and when working with family, friends and groups of people. Keep reading to learn about my experience in learning that freeware isn’t free, and actually may cost more - and create more hassle - than a current paid solution.

====

Quick note: I will be releasing a podcast with more insights tomorrow, along with the final report from my efforts. Check back for links and insights tomorrow.

Read the rest of this entry »

If you enjoyed this post, make sure you subscribe to my RSS feed!

Friday felt freaky to me: as we were driving home in our RV, we passed dozens of RVs, campers and vehicles loaded down for a three-day weekend “away from it all.” If you were among them, hopefully you saw me waving, waved back and had a great weekend. As we head into September, I am energized, refreshed and ready to go! The good news is that we head back out in a few weeks.

While on the road these last five weeks, I have continued to write, outline podcasts, develop new offerings, refine the keynotes and even search for some other contributors to share their ideas for this blog. As students head back to school and we return our focus to work, I am equally focused on supporting efforts that drive positive results. Here is a brief update of what I have on tap:

The start of Catalyst onTour
We’re back in Albany for two weeks before heading back out. I spent a few hours today reviewing the different speaking engagements and opportunities we have in the coming weeks. I am in the process of developing a new website to chronicle our RV Adventure - dubbed the Catalyst onTour - and how you can get involved. I hope to have even the first start of that site available for review this week; without question, it will be a site that will evolve with your help, guidance and questions.

Here is a sampling of the cities we are already planned to spend some time in (with more to be added):

• Nashville
• Las Vegas
• Salt Lake City
• San Francisco/San Diego
• Phoenix
• Seattle
• Portland (Oregon)
• Kansas City
• Philadelphia

As we travel to different cites and regions, we will take pictures, chronicle our experiences and share the benefits of our approach. We’ve recently spent a lot of time considering schooling options for our children, and look forward to sharing not only our decision, but the factors and conversations that led to our decision. We’ll also explain what works and what we think we need to improve on. We have been working on a few exciting programs to share in these cities - whether with businesses, community organizations, schools or families.

Look for more announcements before we head back out in mid-September.

Into the Breach — on Sale Now
It is now possible to pre-order copies of Into the Breach, due to start shipping in two weeks. As we make our way to Nashville, I will be picking up a few hundred copies of the book to ensure copies are available for conference goers and others on our path. We are also nearly finished with the kindle and ebook versions, too.

• Learn more about the book here: http://www.intothebreach.com/
• Pre-order the book here: http://atlasbooks.com/marktplc/02353.htm

My goal in writing the book was simple: present enough information to create a shift in thinking. Beyond that, a keynote, executive seminar and guided system has been developed, tested and refined to further expand on the information in the book, bring it to life and drive results. Part of our journey will be working with organizations (small and large) to implement the tenets outlined in Into the Breach to improve revenue, complete a successful risk assessment, build an awareness program that works or influence a positive change in how people, information and risk are managed.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Greetings from Sierra Vista, Arizona with a long overdue update. While I may have been quiet (rare, I know), I have not been idle.

A few months ago I was focused on tracking down security fundamentals - and how they need to be applied; last week I was able to craft an intense training section that brought a group of professionals through a unique training class designed around that very concept. It was a great week and really has me energized (despite the need for sleep).

I also shared some insights from Into the Breach with a group at Fort Huachucha yesterday. The best part - for everyone, myself included - was the hour-long conversation that ensued after the keynote. We talked about current challenges and how we can face them by addressing the true problems (not the symptoms) and how to engage people to take responsibility while increasing our ability to hold them accountable.

We are going to take some time today to visit Bisbee, AZ before heading up to Tempe, AZ tomorrow. This is our final “pre-tour” trip as we work out the kinks of driving cross-country in the RV multiple times a year, running the business and spending time as a family. This trip was much smoother than the spring “expedition” and we are already looking forward to the onTour launch in September!

As we make our way back to NY, here is our schedule for the next two weeks:

Phoenix, AZ

I love Phoenix and look forward to catching up with a lot of good clients, friends and even some new faces.

Arrive: Wednesday, August 20, 2008

Depart: Friday, August 22, 2008

Staying here: http://www.apachepalmsrvpark.com/

Dallas, Texas

We have a lot of friends that we hope to see while we stop in Dallas. The best part of traveling by RV is the complete flexibility to see clients, potential clients and friends (most of whom were once clients or will be clients). We really enjoy life as a family and seeing the country in a way that allows us to work with people we would chose to spend time with!

Arrive: Saturday, August 23

Depart: Monday, August 25

* we have not yet picked a park, but these are the top three options - have experience or insight? Drop me a line *

http://www.treetopsrvvillage.com/

http://tradersvillage.com/en/grandprairie/rv

http://www.cowtownrvpark.com/

Atlanta, Georgia

** Will be meeting some friends and potential clients to discuss how Into the Breach influences “Awareness that Works”; I love the opportunity to discuss my passions and share research. I’m really pumped about this!

Arrive: Tuesday, August 26

Depart: Thursday, August 28

Staying here: http://atlantasouthrvresort.com/

Potential other stops on the way “home”

•       Considering a brief stop in Charlotte, NC
•       May take one more trip to Hershey Park (need to find a connection at the Hershey Chocolate company - we’re there so much!)

Are you along our path?

If you are along our path or in one of the cities where we are touching down, I would love to meet, say hello and can offer you a preview copy of Into the Breach!  I am currently tweaking the onTour website in time for our September launch and will be announcing the 6-week onTour Fall leg in about a week or so.

Other Quick Updates

•       Four podcasts are lined up, including the Pop Culture Security, Breach Breakdown and Security Roundtable!
•       Despite my compressed schedule, my brain has not stopped; I have been working on a series of articles to share
•       I have a special report on “freeware” that I will be releasing next week; this was a real change in thinking for me and I look forward to sharing what I learned with you.

Book Updates

•       The kindle book should be available this month
•       The eBook should be available this month
•       The hardcover book will be available September 16, 2008 (we’ll be picking up 500 copies on our way to Nashville, TN)
•       The book can be pre-ordered here: http://atlasbooks.com/marktplc/02353.htm

If you enjoyed this post, make sure you subscribe to my RSS feed!

As I wrap up my week in Las Vegas and prepare to head to Sierra Vista, AZ, I will be offering preview copies ofInto the Breach. I’m going to wander down to the Vegas strip this afternoon/evening - if you’d like to get your hands on a copy, please send me an email (michael at this domain) or direct message me on twitter: http://twitter.com/catalyst

We are heading out from Vegas Saturday morning and will stop briefly in Phoenix around noon. We’re hoping to meet some friends for a quick bite to eat and then head on down. We’ll be coming back through Phoenix on the 18th and tentatively sticking around for a day or two.

I have a “Protect Your Business by Managing People, Information and Risk” keynote on the morning of the 18th - and would be happy to explore working with your team as we work our way back across the country. I have an intense 10 days in front of me - but continue to develop content for the blog, have some special reports I look forward to sharing and more awareness and breach podcasts coming up.

I am also working to publish the updated fall speaking schedule - which will see us criss-cross the country, providing many opportunities to meet, work with companies and families around the country and have some fun!

If you enjoyed this post, make sure you subscribe to my RSS feed!