the State of Security

Change Management

My RSA Talk and Adam Shostack’s Awesome RSA Research Track

by ~Previous Contributers

I am in San Francisco this week at the RSA Conference (which is apparently #rsac on Twitter). I will be speaking this afternoon at 3pm PT. The famous Adam Shostack (@adamshostack) is one of the track chairs, and his advice to me was, “give your metrics talk, under the guise of virtualization security.” Well, I’m [...]


Ask Dr. Visible Ops: How Should I Engage Internal Audit In The Change Management Process?

by ~Previous Contributers

Hal Pomeranz and I did a webinar called “Ditching the Infosec Stereotype: Part 1: Fixing Broken Change Control Processes” a couple of weeks ago. As I mentioned in a previous blog entry, I’m a big fan of Hal. I loved the work he’s done at places that had truly mission-critical environments, including at eBay, Cendant [...]


FIPS, the Feds and Cybersecurity

by Rekha Shenoy

Not a day goes by when I don’t see an article about the importance of our nation’s Cybersecurity efforts. While you can debate the level of investment and focus the government is giving to Cybersecurity, one effort that has made everyone’s check list these days is FIPS – specifically FIPS 140-2. For those of you [...]


When Life In IT Operations And QA Sucks (Part I)

by ~Previous Contributers

Have you ever had this happen to you? Project Killer Kumquat is finally going to deliver the set of features that’s going to allow us to catch up to the competition. We’ve had over 300 developers working on this project for nine months. It’s been a death march for them. This is one [...]


Answer: When Is It Acceptable To Patch QA Environment Ahead Of The Production Environment?

by ~Previous Contributers

In the previous post, I talked about a Twitter contest I was running to answer the following question, with a Visible Ops book as a prize going to the best answer: “When is it acceptable to patch the QA environment ahead of the production environment?” If you believe that the goal of QA is to [...]


Question: When Is It Acceptable To Patch QA Environment Ahead Of The Production Environment?

by ~Previous Contributers

A buddy of mine is head of information security at a large insurance company, and we were talking about a common area of passion for us: implementing controls in pre-production. He told me about an argument that came up between him and his QA manager. This QA manager was already getting harassed by the rest [...]
