faulker051

Just a quick reminder about the Metricon 7 workshop on security metrics. Date : August 7, 2012 Location : Bellevue, WA ( co-located with USENIX 12 ) Registration : https://www.usenix.org/conference/usenixsecurity12/registration-information   (pick just the metrics workshop or the entire event) Agenda : 1. Introduction to Metricon, security metrics and workshop goals by Anton Chuvakin (9:00-9:30) 2. “Even Giant Metrics Programs Start Small” by David Severski (9:30-10:30) 3. Break (10:30-10:45) 4. PANEL: “Rules of the Road for Useful Security Metrics” (10:45-11:30) 5. Mini-talk 1 and 2 – TBD (11:30-12:00) 6. Lunch break (12:00-1:00) 7. “What We Want to See in Security Metrics” by Christopher Carlson (1:00-2:00) 8. PANEL: “What We Know to Work in Security Metrics” (2:00-2:30) 9. “Application Security Metrics We Use” Steve Mckinney (2:30-3:00) 10. Break (3:00 – 3:15) 11. "Threat Genomics and Threat Modeling” by Jon Espenschied (3:15-4:15) 12. Discussion time, everybody shares l...

This is not a book for everybody (and your grandmother probably does not need to read it; neither does an average IT professional). However, I think that this book is pure gold for those tasked with interacting with analyst firms. I am an analyst, and I wish every vendor client read this book and followed some of the advice given there. It would reduce pain on both sides of the conversation, as well as make the interactions more valuable for – again! - both sides. Obviously, this is not a book to guarantee your IT product a favorable placement in analyst research. It is also not a book on how to bamboozle the analysts, despite its focus on analyst influence. However, it is definitely a book to make sure that well deserving products, developed and marketed by good teams of people, don't get sidelined. Some of the specifics that I liked include the influence pyramid concept, social media techniques, a careful approach to managing corporate Wikipedia entries, specific approaches to...

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month: “ Simple Log Review Checklist Released! ” is often at the top – the checklist is still a very useful tool for many people. “ On Free Log Management Tools ” is a companion to the checklist ( updated version ) My PCI DSS Log Review series is popular as well. “ On Choosing SIEM ” is about the least wrong way of choosing a SIEM tool – as well as why the right way is so unpopular. “ Top 10 Criteria for a SIEM? ” came from one of my last projects I did when running my SIEM consulting firm. “ Log Management at $0 and 1hr/week? ” is where a lot of companies still are, thus this post became popular again. In addition, I’d like to draw your attention to a few posts from my Gartner blog : Denial of Service research: More on DoS and Shared Security On DoS Detection Wanted Dead or Alive: Application DoS Attack Availability, Security and Why is DoS Fun? Quick DoS Attack Tax...