How I found my situational awareness

By Tricia Santarcangelo

I walked through the World Trade Center at 8:20 a.m. on September 11, 2001…. Despite being married to Mr. Security, I never noticed if there were emergency exits, stairs, or other paths to travel. I walked like a member of the flock, the same way every day.

When the second plane hit the towers, Michael begged me to get out of the city. I stayed, not because they told me to, not because I was curious and wanted to watch what was happening, but simply because the only way I knew how to get off the island was blocked by two huge towers that were on fire.

Like many people, the events of 9/11 changed me, but not in ways I expected. Now when I go anywhere I note where all the exits are, where the fire extinguishers are, and who is around me. I am amazed by how many people are not aware of what is around them. I believe we have lost our sense of situational awareness, and until we find it again, the practice of information protection will continue to struggle.

So today, on the anniversary of the day I became aware, I challenge you to look around and take it all in; you might be surprised at what you see. Maybe today is your day to become aware.

– Tricia penned this yesterday as we reflected and remembered, and we wanted to share it with you. Hopefully we can encourage her to offer us more on her perspective of forming the “security mindset.”

Security Conferences and Jump Starting your Awareness efforts

Regardless of what the calendar says, the new year really begins in September. After a summer of obstacles to productivity, in September we jump into gear.

This message is to update you on:

• Information Protection Assessment Toolkit (IPAT) – special offer deadline imminent
• September Events

Build Budgets, Awareness, Strategy… with IPAT

Special offer deadline

My plan for a guided, supported and realistic toolkit to help those responsible for security build a plan, budget and awareness program became real this summer. The Information Protection Assessment Toolkit (IPAT) and the IPAT preview program launched in July. The special offer of a ½ day of my time to launch the program in your organization will soon end. As you can see from my schedule below, my hours are limited. Contact us to book your IPAT program before September 13th.

September events:

podcasts seem to be broken; will fix this weekend | check out the latest SRT

I just got a heads-up that my podcast feed is suddenly not working. I can verify it’s not working – and since today is my birthday and I’m heading out, I can further verify I won’t fix it until sometime this weekend.

Sorry for the inconvenience….

In the meantime, I posted the August Security Round Table this morning… and we’re already planning the next three shows! In August, we discuss the keys to your success in finding a new job, managing your career and, well, the secret code word of the day. No, not really – but you should listen to make sure.

Check it out here: http://www.securityroundtable.com/

Subscribe in iTunes here: http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=156964477

Have a great weekend!!

Advance your security career – master the fundamentals

As I continue my quest to distill our practice of information security into the fundamentals, we are making progress!

Join the discussion:

The current list
The Value of Fundamentals – through Triathlon
Can you use CIA today?
Can you frame and hold a conversation about fundamentals with your team, with others?
Putting the Fun in the Security Fundamentals

You need to be able to break things down; so when a vendor is pitching you, you need to know how they are handling the fundamentals… so ask them how their solution meets YOUR CIA (confidentiality, integrity and availability) requirements. To be able to do this:

1. you have to understand CIA
2. you have to be able to apply CIA
3. you have to understand your own CIA requirements

AH – so I’m actually suggesting you do some work before talking to vendors and solution providers…

Special Invitation from Me

Want to be guided through? Email me for an invite to the security salon and a new section I have…

Success is sometimes measured in how you handle mistakes

To celebrate a year, he pointed out that FaceTime recently experienced an unpleasant situation where customer information was disclosed…. FaceTime has proven that – and I think Andy presented a balanced view of the situation.

I think in life, the measure of a person is how they address and handle mistakes. I think in business, the measure of a company is not whether a mistake/breach happens, but how the company handles an incident when it happens…. Almost.

While I suppose this isn’t exactly the type of event you want to incorporate on the front page of your website, the only public response I could find was in the Computerworld article. From what I read in the Computerworld article, FaceTime acted quickly and even notified the people impacted. Yet I was bothered by this response:

However, Capri said no sensitive personal data such as credit card numbers, Social Security numbers or dates of birth was exposed because that information is not collected on the FaceTime Web site.

It’s a fair and valid statement to make. I suppose I would advise a client to make a similar statement, save one exception: I’d leave out the aspect of tying personal information to a limited set of data. I’m troubled by the concept that if it wasn’t a Social Security number, credit card number or something of the same kind, then no personal information was disclosed. Information of any kind has value – and while this was probably a mistake, I would expect a security company to have taken a different attitude.

The Psychology of Fraud – Revisited

I’ve decided that Sarbanes-Oxley auditors have it wrong. After 4 years, they look for the wrong things, often costing companies millions of dollars. Their focus is often on minutiae, leaving the lowest-hanging fruit untouched. Why did this happen? Because they haven’t learned from history and they don’t understand the root cause of it all: [...]

Breach vs. Incident: Semantics or Something More?

By Adam Dodge

Recently, the University of Texas, Pan American announced that a staff member lost an external hard drive containing names, addresses and Social Security numbers of around 1,200 UTPA staff. The good news for these individuals is that the hard drive was found by another UTPA staff member and there does not appear [...]

The growth of the Security Catalyst Community

For some, the summer signals a chance to slow down, kick back, take some vacations and prepare for a busy fall…. At the Security Catalyst community, we’re working to form a more effective governance structure, migrate to a new server, incorporate more support resources and generally improve the services we are able to provide to you – whether you are new to security, a seasoned professional, a security blogger or even a podcaster.

…Create a forum where members can share their passions, expand their thinking and find support with others who believe in making a positive difference.

After 6 months and nearly 400 members, I can tell you without question that those who contribute and make the effort reap the biggest rewards. I know we all hit patches where work gets insane; personally, we’re in the middle of launching some exciting new offerings, and I have had to cycle back on some of my more visible blogging, podcasting and community activity.

…This is the method I use to keep abreast of new topics.

If you have a question or challenge – especially when you feel way too busy, please take 5-10 minutes to share your question, frustration or challenge with your peers…. That’s right – I have plenty of stories from members who reached out to help each other… and in the process, avoided the crisis and got their work done quicker (and arguably better).

When you are busy, please make an effort to check in once a week and find one post you can respond to…. Offer help when you can, ask for advice when you need it.

Not a day goes by now that I don’t learn something new from this forum…. We’re working to select cities now, but when we come to/near you, please don’t be shy – I’d love to raise a glass and say hello.

So welcome to the journey and thank you for being part of the community…. In the end, this is what will set us apart.

PS: I’ll have a few additional announcements in the coming weeks and months – the result of many months of focused work.

User Awareness Training

According to many, user education is one of the best methods of ensuring adequate protection of your information assets. It’s been eternally touted as one of the requirements of a viable information security program. This article is not about that, though. It’s about knowing your users/customers. Yes, Mr. & Ms. Security Professional, your users are [...]

An Information Protection Tool that Engages Employees

Information Protection Assessment Toolkit (IPAT)

I promised you a case study that demonstrates how the Information Protection Assessment Toolkit (IPAT) changes the way people protect information. In fact, I’m going to give you two case studies in one. Harold Townley is a Funeral Director and business owner. He also sits on the board of the [...]