With all the activity the fall brings, take a few moments to learn from your fellow catalysts - and the time to share your experiences. This is what unites us as professionals. Even when we feel we lack the time, making the time to engage brings benefit to every person involved.

I am also spending more time on twitter these days - and would love to engage in the conversation with you. You can learn more about twitter here: http://twitter.com/ and “follow” and chat with me here: https://twitter.com/catalyst

Discussion Forum Activity

Here are some recent discussions ripe for contribution or learning:

•  Standards Document Supporting an Encryption Policy
•  ISO 17799/27001/27002
• Researching malicious file types
• Need a Multi-function Inkjet (INTERESTING CAVEATS TO CONSIDER)
• Nevada & E-mail Encryption Requirement      

List of community blogger and podcasters

(I am working to ensure the list is accurate and separate out the blogs from the podcasts - let me know if you need to be updated/included)

What Security Blogs and Podcasts are represented in this community? (http://www.securitycatalyst.org/forums/index.php?topic=28.0)

Join our LinkedIn Group

For active members of the Security Catalyst Community; once I get the new laptop and have had a chance to catch my breath from the recent breakin, I’ll focus on cleaning up the linkedin list - and ensuring we take strides to meet and work together.

http://www.linkedin.com/groups?gid=27010

Here are some recent blog posts from Community Members that you may have missed:

• Scareware Ad From Skype?
• Change your passwords with your smoke detector batteries
• Forensic Time Dilatation
• New TCP vulnerability about trust, not technology
• The best anti-malware software out there…

About the Security Catalyst Community

We are a positively focused and supportive community that unites passionate professionals to achieve three goals:

(1) Provide a community where it is acceptable to be vulnerable and ask for help when you need it

(2) Create a community where anyone with an idea can share their approach in the pursuit of helping another. If today is your first day in security, welcome - share what you have learned without fear.

(3) Participate in a forum where members can share their passions, expand their thinking and find support with others who believe in making a positive difference.

Signing Up for the Security Catalyst Community

Your participation is your currency (means no charge to join) - the more you contribute the more you learn and the more valuable the community becomes to everyone (so dive in and share).

Registration Overview (NOTE THE NAMING CONVENTION)

      Go here: http://www.securitycatalyst.org/forums/

      Select the register link

      Follow the naming standard: firstname.lastname (include the period between first and last names)

      Your account will be reviewed and approved

      Jump in and share your thoughts!

Where is Michael - onTour Schedule & Updates

As we set out to journey the country, keep tabs on our schedule and opportunities to meet at www.catalystontour.tv or follow the progress of the book and speaking tour at www.intothebreach.com. As always, if you are on the way (or in the city we are heading), please contact me directly so we can meet. Our RV is our home, and our home is always open to our friends.

Coming Up:

Once the RV is repaired (working on it now) and our laptops restored (also in progress), we head right back out - and amazingly, don’t really miss a beat!

• Week of October 6: Albany, NY (pending RV repairs and insurance hand-to-hand combat)
• Week of October 13: Seattle for the MSFT Small Business Summit http://www.microsoft.com/smallbusiness/summit/
• Week of October 20: Kansas City for the MCSF Keynote http://www.mcsfonline.org/
• Week of October 27: Seattle (still confirming details)
• Week of November 3: Portland, Oregon, Keynote for: http://www.nwsecurityconference.com
• Week of November 10: (transit back to East Coast, perhaps via Dallas)
• Week of November 17: DC Metro (still confirming details) and Philadelphia, PA for a private briefing for the CSO Breakfast Club

If you enjoyed this post, make sure you subscribe to my RSS feed!

Greetings from Albany, NY - where the leaves are turning and there is crispness to the air that only autumn can bring. I love the fall, and this has been an upside of the recent events that brought us home. The book is now available - and I will be posting details in the coming days on how you can get a signed edition!

In the meantime, take the time to learn from your fellow catalysts - and the time to share your experiences. This is what unites us as professionals. Even when we feel we lack the time, making the time to engage brings benefit to every person involved.

I am also spending more time on twitter these days - and would love to engage in the conversation with you.

      You can learn more about twitter here: http://twitter.com/

      and “follow” and chat with me here: https://twitter.com/catalyst

Discussion Forum Activity

• Looking for Beta testers for the new Honey Stick fileset generation program…
• “End User Computing” ie Securing Excel…anyone with experience?
• Dshield Block List — Pros and Cons
• Anyone notice an uptick in greetingcard SPAM today?
• Blackberry Enteprise Server — Placement Considerations

List of community blogger and podcasters

(I am working to ensure the list is accurate and separate out the blogs from the podcasts - let me know if you need to be updated/included)

What Security Blogs and Podcasts are represented in this community? (http://www.securitycatalyst.org/forums/index.php?topic=28.0)

Join our LinkedIn Group

For active members of the Security Catalyst Community; once I get the new laptop and have had a chance to catch my breath from the recent breakin, I’ll focus on cleaning up the linkedin list - and ensuring we take strides to meet and work together.

http://www.linkedin.com/groups?gid=27010

Here are some recent blog posts from Community Members that you may have missed:

• Increase Your Logging
• IDS: Vitamins Or Prophylactic?
• Google’s New Browser

About the Security Catalyst Community

We are a positively focused and supportive community that unites passionate professionals to achieve three goals:

(1) Provide a community where it is acceptable to be vulnerable and ask for help when you need it

(2) Create a community where anyone with an idea can share their approach in the pursuit of helping another. If today is your first day in security, welcome - share what you have learned without fear.

(3) Participate in a forum where members can share their passions, expand their thinking and find support with others who believe in making a positive difference.

Signing Up for the Security Catalyst Community

Your participation is your currency (means no charge to join) - the more you contribute the more you learn and the more valuable the community becomes to everyone (so dive in and share).

Registration Overview (NOTE THE NAMING CONVENTION)

      Go here: http://www.securitycatalyst.org/forums/

      Select the register link

      Follow the naming standard: firstname.lastname (include the period between first and last names)

      Your account will be reviewed and approved

      Jump in and share your thoughts!

Where is Michael - onTour Schedule & Updates

As we set out to journey the country, keep tabs on our schedule and opportunities to meet at www.catalystontour.tv or follow the progress of the book and speaking tour at www.intothebreach.com. As always, if you are on the way (or in the city we are heading), please contact me directly so we can meet. Our RV is our home, and our home is always open to our friends.

Coming Up:

Once the RV is repaired (working on it now) and our laptops restored (also in progress), we head right back out - and amazingly, don’t really miss a beat!

• Week of October 6: Albany, NY (pending RV repairs and insurance hand-to-hand combat)
• Week of October 13: Seattle for the MSFT Small Business Summit http://www.microsoft.com/smallbusiness/summit/
• Week of October 20: Kansas City for the MCSF Keynote http://www.mcsfonline.org/
• Week of October 27: Seattle (still confirming details)
• Week of November 3: Portland, Oregon, Keynote for: http://www.nwsecurityconference.com
• Week of November 10: (transit back to East Coast, perhaps via Dallas)
• Week of November 17: DC Metro (still confirming details) and Philadelphia, PA for a private briefing for the CSO Breakfast Club

If you enjoyed this post, make sure you subscribe to my RSS feed!

I’ve mentioned that the two weeks “home” are being used to catch-up, plan and hopefully get ahead. With one week to go, I am making progress (especially on the marketing, blog and podcast fronts). In addition to planning and recording podcasts, I am also spending more time on twitter these days - and would love to engage in the conversation with you.

• learn more about twitter here: http://twitter.com/
• “follow” and chat with me here: https://twitter.com/catalyst

Discussion Forum Activity

Here are some recent posts in the community. Your voice and insights contribute to the conversation — join in!

• Infosec Tools for Law Enforcement [... two items in the past 24 hours started me thinking about how can we as a community help our local Law Enforcement Agencies?...]
• Mobile Field Technolgies [...Wondering if anyone has any security related research around service workers in the field...]
• Bootable Backtrack 3 thumbdrive with Nessus, Firefox 3 and Blackhat 2008 nmap [... guide on how-to create a bootable USB thumbdrive with Backtrack 3...]
• The Hidden Cost of Freeware - and why I don’t recommend it anymore [... this is based on the "conversation starter" I published - and has some great perspectives...]
• OPSEC for Out of Office Replies…

The Voices of the Community

List of community blogger and podcasters:

What Security Blogs and Podcasts are represented in this community? (http://www.securitycatalyst.org/forums/index.php?topic=28.0)

Join our LinkedIn Group (for active members of the Security Catalyst Community)

http://www.linkedin.com/groups?gid=27010

About the Security Catalyst Community

We are a positively focused and supportive community that unites passionate professionals to achieve three goals:

(1) Provide a community where it is acceptable to be vulnerable and ask for help when you need it

(2) Create a community where anyone with an idea can share their approach in the pursuit of helping another. If today is your first day in security, welcome - share what you have learned without fear.

(3) Participate in a forum where members can share their passions, expand their thinking and find support with others who believe in making a positive difference.

Signing Up for the Security Catalyst Community

Your participation is your currency (means no charge to join) - the more you contribute the more you learn and the more valuable the community becomes to everyone (so dive in and share).

Registration Overview (NOTE THE NAMING CONVENTION)

•       Go here: http://www.securitycatalyst.org/forums/
•       Select the register link
•       Follow the naming standard: firstname.lastname (include the period between first and last names)
•       Your account will be reviewed and approved
•       Jump in and share your thoughts!

Where is Michael - onTour Schedule & Updates

As we set out to journey the country, keep tabs on our schedule and opportunities to meet at www.catalystontour.tv or follow the progress of the book and speaking tour at www.intothebreach.com. As always, if you are on the way (or in the city we are heading), please contact me directly so we can meet. Our RV is our home, and our home is always open to our friends.

Coming Up:

•       Week of September 15: Nashville (ISSA Conference Keynote on Awareness that Works - with some special surprises)
•       Week of September 22: Las Vegas (Private briefing on Protecting Information Program)
•       Week of September 29: San Francisco/Bay Area (Applying PIP and the book approach to DLP)

If you enjoyed this post, make sure you subscribe to my RSS feed!

When it comes to protecting home computers, “Is freeware free?”

This is not a question aimed at the enterprise. Instead, this is a question that cuts to the heart of the advice that security professionals offer to those who depend on that experience and insight to guide them, be they parents, siblings, friends, co-workers or even people we met in passing. Professionals are often called upon to make quick decisions based on experience and training (we can argue later whether this is good or bad). While this may be an accepted business practice - does it work as well when it comes to advising families on how to protect their computers?

I think we need to step back and consider. If someone asks you if they should spend money for a paid software solution to protect their home computer or simply use “freeware” solutions - what is the best answer? What do you recommend today? Why?

To aid in the process, I offer for consideration a report that details my experience evaluating freeware through the lens of a consumer. The report is short. It is designed to be an opportunity to stop, think and engage in the conversation.

Based on a challenge, I stepped back and examined the situation in a manner different than normal for me. I worked to experience the process of finding, downloading, installing, configuring and using freeware solutions. I considered the time spent and took an effort to measure pop-ups, messages and potential frustrations. Taking the time to step back literally changed what I thought and what I recommend. It forced me to examine the “truths” I believed in favor of real experience.

Get the report here: http://www.securitycatalyst.com/eGuides/Security-Catalyst-The-Hidden-Cost-of-Freeware.pdf

Come join the discussion in the Security Catalyst Community here: http://www.securitycatalyst.org/forums/index.php?topic=960.0

(and join me for a live Talkcast on Thursday — Noon Eastern — to discuss this with special guest Dave Cole)

If you enjoyed this post, make sure you subscribe to my RSS feed!

Here are some of the recent — and thought provoking — conversations of the Security Catalyst Community (SCC):

• Anonymity of criminal activity
• Anyone try Microsoft SteadyState?
• Automated Binary Analysis
• Hardware SSL Tunnel Device
• Sharing With Others

Opportunities to meet, network and join together

• Global Security Week 2008
• RSA Europe
• Black Hat/DefCon

Join the in the Discussion!

The Security Catalyst Community

Your participation is your currency (means no charge to join) - the more you contribute the more you learn and the more valuable the community becomes to everyone (so dive in and share). If you have not yet registered, please remember to use firstname.lastname as the standard.

If you enjoyed this post, make sure you subscribe to my RSS feed!

The discussions continue to expand and inform in the Security Catalyst Community. Here are some of the recent hot conversations (including some I have listed before; this week they really exploded). 

• Is Management the Real Security Problem?
• Linux User Account Upgrade or Migration Checklist
• What should you do with software updates that are not critical?
• Question about the Amero
• Anyone else using Twitter?

If you enjoyed this post, make sure you subscribe to my RSS feed!

With more details to come soon, we launch the next Catalyst onTour Adventure on Tuesday. After a quick stop at Hershey Park, we’re heading through Ohio to pick up some books and then into KC for the weekend. We’ll arrive in Vegas on Monday.

Since my Tuesday event got cancelled, I am looking at hosting people at our location on Tuesday, 4-7p. This allows time for BH and the evening parties - but also a chance to unwind and meet new people, make some friends, unwind. Depending on when people come in, I’d be happy to consider Wednesday or Thursday, too. (note: if you cannot make it Tuesday but want to meet/speak - shoot me a note and we’ll connect).

I know there are a lot of parties, events with booze and such. I see this as a chance to pull together, meet each other and have some time to kick back. There are no sponsors for the tailgate (though I wouldn’t refuse ‘em); instead, this is a self-supported event where everyone brings something and makes new friends. 

Details

Companies Coming to Vegas

I am working on publishing a criteria list for pitches. I like learning about different solutions - but I want to make it easier to pitch me and explain the value. Look for something in the next 10 days. Meantime, if you’re going to be at BH and want to share your vision - shoot me a note and we’ll connect. I’ve already declared where I’m staying - and happy to meet anyone at the “rolling office.”

If you enjoyed this post, make sure you subscribe to my RSS feed!

It is hot today is Upstate NY; the same is true for some forum discussions taking place this week:

• Is Management the Real Security Problem?
•  How to deal with a “poison pill”
• Using CAPTCHA
  

If you enjoyed this post, make sure you subscribe to my RSS feed!

The forums are off to a roaring start this week - with some insightful discussions. Sure, thinking this early in the week can be scary, but it sure pays off!

• What are the ethical standards/requirements for security bloggers? [IN PREP FOR TUESDAY]
• Help me test my new Firefox add-on
• Printer Dots and Privacy - cause for concern?
• Sen. Schumer Kills Bank (unintended consequences and the way security is considered)
• CISSP - on it’s way out, or not. Or both? (the discussion continues!)

Join the in the Discussion!

The Security Catalyst Community

Your participation is your currency (means no charge to join) - the more you contribute the more you learn and the more valuable the community becomes to everyone (so dive in and share). If you have not yet registered, please remember to use firstname.lastname as the standard.

If you enjoyed this post, make sure you subscribe to my RSS feed!

It’s been a brisk week in the forums, and here are some hot topics:

If you enjoyed this post, make sure you subscribe to my RSS feed!