the State of Security

Best Practices In Virtualization

My RSA Talk and Adam Shostack’s Awesome RSA Research Track

by ~Previous Contributers

I am in San Francisco this week at the RSA Conference (which is apparenlty #rsac on Twitter). I will be speaking this afternoon at 3pm PT. The famous Adam Shostack (@adamshostack) is one of the track chairs, and his advice to me was, “give your metrics talk, under the guise of virtualization security.” Well, I’m [...]

Read More

Ask Dr. Visible Ops: How Should I Engage Internal Audit In The Change Management Process?

by ~Previous Contributers

Hal Pomeranz and I did a webinar called “Ditching the Infosec Stereotype: Part 1: Fixing Broken Change Control Processes” a couple of weeks ago. As I mentioned in a previous blog entry, I’m a big fan of Hal. I loved the work he’s done at places that had truly mission-critical environments, including at eBay, Cendant [...]

Read More

When Life In IT Operations And QA Sucks (Part I)

by ~Previous Contributers

Have you ever had this happen to you? Project Killer Kumquat is finally going to deliver the set of features that’s going to allow us to catch up to the competition. We’ve had over 300 developers have been working on this project for nine months. It’s been a death march for them. This is one [...]

Read More

Answer: When Is It Acceptable To Patch QA Environment Ahead Of The Production Environment?

by ~Previous Contributers

In the previous post, I talked about a Twitter contest I was running to answer the following question, with a Visible Ops book as a prize going to the best answer: “When is it acceptable to patch the QA environment ahead of the production environment?” If you believe that the goal of QA is to [...]

Read More

Virtualization and vendors: in the world, or of it?

by Dwayne Melancon

Once upon a time, every vendor published a paper about SOX, and some made very convoluted connections to how they could “do SOX.” Sometimes, it seemed like the only thing the vendor had to offer that had anything to do with SOX was the white paper. Is the same thing happening with virtualization? I’ve run [...]

Read More