Security Ever After: 2013

Sunday, November 10, 2013

Cloud Computing Atlanta

I am looking forward to speaking at the Cloud Computing Atlanta event on Tuesday, November 12. This meeting will be held at the Advanced Technology Development Center (ATDC) at Georgia Tech and is open to the public. I will be speaking about the 20 Critical Security Controls and how they can be applied in a cloud hosting environment.

Over the years, many security standards and requirements frameworks have been developed in attempts to address risks to enterprise systems and the critical data in them. Most of these efforts have essentially become exercises in reporting on compliance and have actually diverted security program resources from the constantly evolving attacks that must be addressed. Learn how to implement a proven continuous monitoring capability that has been used to drastically improve the security of many small and large organizations.

Wednesday, October 9, 2013

Security BSides DC

I am thrilled to be a speaker at the upcoming Security BSides DC. The lineup for this 2-day event is outstanding. I look forward to speaking on the 20 Security Controls and specifically how they can be used to improve the security of your network.

Saturday, August 31, 2013

How to get sufficient funding for your security program (without having a major incident) - Repost

I recently had another guest diary published on the SANS Internet Storm Center Diary. I have enjoyed the material on the ISC site for many years and consider it an honor to contribute. I hope this is helpful information that you can use to secure sufficient funding for your security program in advance of your next security incident.


Saturday, June 22, 2013

Augusta ISSA Chapter Meeting

Next week I have the privilege to speak at the Augusta ISSA chapter meeting on June 25th. I will talk about the 20 Security Controls and how they can be implemented in any organization.

This presentation will introduce the 20 Security Controls and provide real examples of how they can be implemented by leveraging existing tools and capabilities. Attendees will be equipped to implement the 20 Security Controls in their own environments. The focus of the presentation will be on initiating a continuous monitoring program based on this framework to detect attacks and closely monitor the security of any network.

The meeting will be held at Georgia Regents University (formerly known as Augusta State) in Room UH-170 of University Hall on Tuesday, June 25th. The format for the meeting will be social/networking with free pizza from 6:30-7:00 PM, followed by the presentation starting at 7:00 PM.

To register for the event, visit http://augustaissa.eventbrite.com

Friday, May 24, 2013

Community SANS returns to Augusta

Consider joining me for the next Community SANS event in Augusta on July 16-21, 2013. I will be teaching the SANS Security Essentials Bootcamp Style course. This popular course is appropriate both for people new to security as well as those who have been in security for years. This was the first SANS course I attended after I was in security for over three years. I remember how much I learned in this class as a student back then and look forward to sharing my passion for this course with you.


It seems wherever you turn organizations are being broken into, and the fundamental question that everyone wants to know is Why? Why do some organizations get broken into and others do not? SEC401 Security Essentials is focused on teaching you the right things that need to be done to keep your organization secure. Organizations are spending millions of dollars on security and are still compromised. The problem is they are doing good things but not the right things. Good things will lay a solid foundation, but the right things will stop your organization from being headline news in the Wall Street Journal. SEC401's focus is to teach individuals the essential skills and techniques needed to protect and secure an organization's critical information assets and business systems. We also understand that security is a journey and not a destination. Therefore we will teach you how to build a security roadmap that can scale today and into the future. When you leave this training we promise that you will be given techniques that you can implement today and tomorrow to keep your organization at the cutting edge of cyber security. Most importantly, your organization will be secure.



Community SANS Augusta 2013

When: July 16-21, 2013

Where: Augusta State University
Health Science Building, Room EC2238
987 St. Sebastian Way
Augusta, GA 30912
Phone: 706-737-1482

Tuition: Register by June 5, 2013 to save $850 on this class

ISSA members - use Discount Code "AugustaISSA13" for a 10% savings.

THE COMMUNITY SANS ADVANTAGE (http://www.sans.org/info/41114)

The Community SANS format offers the most popular SANS courses in your local community at a reduced tuition fee. And as with all SANS courses, the earlier you register, the more your fee is reduced. SANS promises that you will be able to use what you learn in the classroom as soon as you return to the office.

Register today to join me in Augusta by visiting


Let me know if you need any additional information about this course!

Thursday, February 28, 2013

Are You Glad You Bought It?

Remember how you felt during your first meeting with the vendor of that shiny new thing? Do you remember all the possibilities? You could not capture the seemingly endless use cases fast enough. Surely this was the product you had long been looking for. All you had to do was write a business case to secure the needed funding. You knew deep inside that your enemies were already starting to tremble in fear at the thought of the shiny new thing running in your environment. Move along, folks, you said, nothing to see here.

All that mockery aside, how well did your shiny new thing actually do everything the sales person claimed it would before you made the purchase? Can you honestly say you feel the same way after using it for a year? If not, what changed?

Take a moment to look back on these questions as you approach a new vendor relationship.

  • Are you glad you bought the shiny new thing? Really?
  • Should the vendor get all of the blame for a failed experience? 
  • What role did your lack of understanding or lack of attention play?
  • What new requirements would you add based on your previous experiences?
  • What do you wish you knew back then? 
  • Would you recommend the shiny new thing to your closest friends? 
  • Would you make the same decision today?

Like most of us, I had a similar experience. One in particular was a rush to purchase products for compliance purposes, and to do so in very short order. Looking back, I should have slowed down a lot and not just looked for a quick win. I recommend staying focused on the "why" behind the purchase and over-communicating it to all possible stakeholders ahead of making the purchase. The last thing you want is to have one of your stakeholders asking basic questions during pivotal moments such as the change control board meeting where you are seeking approval to put your shiny thing into production.

Get to know the technical product manager ahead of the purchase. Make sure you can get along with them and, more importantly, that they know why you are a customer. I have found they know the roadmap better than the people in sales. Also call support and ask questions to which you already know the answers. How do they treat you? That will be very important in the future.

It is far too easy to blame the vendor for a failed implementation. It is not as comfortable to ask what YOU could have done better during the evaluation of the shiny new thing. Take a moment now to reflect on what worked and what did not work and, more importantly, why it did not. This will help make sure the next time is the best time and that it exceeds your expectations.

If you could go back in time, what additional questions would you ask and new conditions would you place based on what you have learned from past vendor experiences?

Wednesday, January 30, 2013

Getting Involved with the Local Community - Repost

I recently had my second guest diary published on the SANS Internet Storm Center Diary. I have enjoyed the material on the ISC site for many years and consider it an honor to contribute. I hope this is helpful information that you can use to be more connected to your local security community.