The Word is Not Enough

Who says martial artists don't know how to laugh at themselves?

2010-02-04T10:01:36Z

Information Age - IT qualifications

2009-11-06T11:25:45Z

IT qualifications: are they worth it, which ones are the ones to get if you're a CIO, and want to be better at your job or advance your career? Should you get your staff trained up in formal qualifications to make them better at their jobs or improve their morale? Or are they likely to leg it to another company if you do? Is simply training them up without any formal qualification the best way to have them skilled but retain them?

I'd like to speak to CIOs and other IT professionals, consultants, recruitment agencies, headhunters, training organisations and CIO organisations. Phone interviews to take place in the next fortnight.

Approaches by email only.

SC Magazine - Web 2.0 security

2009-10-27T20:21:53Z

Young people entering the workplace see email as slow and have grown up with P2P and Web 2.0 applications - yet most businesses are still living in a Web 1.0 world – with security policies to match. It's already a major battle keeping email and the "vanilla" web free from attacks, malware and spam - the adoption of Web 2.0 will make the job even harder. Yet, simply closing access to unapproved tools can be short sighted as unhappy talent drifts to rival businesses with more enlightened policies.

This feature will look at ways that information security professionals can learn to "think at Web 2.0 speed", embrace the advantages of the new business tools without compromising security.

Some questions the article will answer:

What are the business advantages of adopting web 2.0 in the workplace?
Which types of businesses are more likely to adopt and encourage Web 2.0? What are the reasons for this? Which aren’t and why is that?
Does the recession make it easier for companies to restrict Web 2.0 usage by taking advantage of people’s need for employment and inability to move companies? Is this likely to come back to haunt the business?
What are the techniques that cyber criminals are using to scam employees (and consumers) via web 2.0 applications?
Even in a recession people seem to be buying more sophisticated phones and netbooks and using them for work. More people are working from home mixing domestic and business use on the same PC or Mac. What’s the best way of dealing with these trends?

I'd like to talk to the following groups of people:

Chief information security officers and other information security profesionals about their experiences of Web 2.0, good and bad and even some that may have been open to Web 2.0 to begin with but then changed their mind due to security concerns.
Experts from Facebook, LinkedIn, Twitter etc who can discuss the security of their applications and others and whether they are suitable for enterprise use (or not)
The likes of RSA, Symantec, McAfee etc.
Consultants and analysts who can either address all the issues or address specific ones mentioned above.

As usual, I'm going to want a case study of a business that has adopted Web 2.0 and successfully integrated security both in the enterprise and remotely. I'd like to be doing phone interviews during the next two weeks (until November 13th). Approaches by email only, because I'm going to be out of the office and you'll only get my voicemail if you call!

SC Magazine - securing virtualisation

2009-08-26T20:34:50Z

Can you help with the following article? This article will be appearing in SC Magazine. SC features on specific technologies and trends are designed to inform IT security professionals about the state of the art in that area.

Virtualisation is being touted as the next wave in corporate computing but its advantages bring new challenges and headaches for the information security professional. You can't move these days in IT circles for people touting the advantages of VMWare and other virtualised systems - and advantages there are many, but those bring with them security pressures and risks.

Questions to consider

What are the advantages of virtualisation?
Is it any different from network computing?
What are those security risks?
How do these risks differ from those on non-virtual systems?
Is there anything that should not, absolutely, be virtualised?
Could a virtualised system actually offer more robust security than a non virtual system? How?
Who are the leaders in secure virtual systems and what technologies do they use?

I'd like to speak to analysts, consultants, select vendors and the technical community for this piece.

I'm also looking for stats on how fast are UK businesses moving to virtualisation and what the reasons are.

Lastly, some companies like IBM are actively using virtual worlds like Second Life for serious business purposes like holding global sales meetings and to build communities for partners and customers. But how safe is this? Surely it's asking for trouble expecting virtual communities to be safe where you cannot be sure that anyone is who they say they are? I'd like to know if any other businesses are following IBM's lead, why they are doing it and what security steps they're putting in place.

I'd like to arrange interviews for this week and the week of the 7th - please note, I'm on holiday the week of the 31st so won't be able to answer questions, emails, etc during that week. My _absolute_ deadline for this piece is the 18th September.

HOW TO REPLY: send an email to pr@robbuckley.co.uk or leave a comment below

Santorini - you must go!

2009-08-21T16:04:07Z

Just got back from two weeks in Santorini. It's gorgeous, it really is, and even with two weeks, it's hard to do everything, even though it is quite a small island/archipelago. Oia is probably the most beautiful place I've ever been to, but the Prehistoric Museum in Fira is also a must-see for its Bronze Age frescos.

Holiday

2009-08-01T21:17:58Z

I'm going to be on holiday from the 4th August to the 18th August, but if you leave a message on my voicemail or send me an email, I'll get back to you when I return.

SC Magazine - The latest thinking in IT threat management

2009-07-08T11:03:59Z

IT security professionals charged with securing the information architecture of an e-commerce-driven business face special and daunting challenges. They must fight phishing attempts, identity theft, reputation management and DDoS attacks, and at the same time, the risk of media exposure of the business if they get it wrong.

What is the latest thinking in protecting an e-business from cyber attack? This feature will go behind the headlines to look at the reality of attacks and outline what IT security professionals should do to mitigate threats and deal with attacks if and when they happen.

So I'd like to speak to consultants and analysts as well as IT security professionals, including at least one for a case study, preferably about someone who has successfully defended against non-trivial attacks (DDos, hackers attempting to penetrate networks, bad employees trying to hack from within, etc), to discuss the latest security thinking.

Interview probably to mostly be conducted between 16-24th July. My final, final deadline (before anyone asks) is the 28th July.

Council languages - if it ain't English, we can't cope

2008-11-03T18:52:19Z

First, Swansea council mess up the translation of one of their signs: the Welsh says ""I am not in the office at the moment. Send any work to be translated".

Now, English councils are banning everyday Latin phrases, like 'vice versa' and 'via'.

It's worrying, isn't it?

SC Magazine: Extending the ROI on information security expenditure

2008-11-03T16:09:11Z

Deadline for leads is 7th November 2008. Email me or leave a comment below.

Extending the ROI on information security expenditure

How Information Security Professionals (ISP) can ensure that their investment in technology, people and consultants actually pays off. What are the best ways to ensure they get value for money, please the CEO and CFO and improve security - all at the same time?

The conundrum of being an effective information security professional is that if you do a good job then there aren't any tangible results -- you can only point to reduced or zero breaches. If the baord sees that the company seems to be insulated from attack it may be hard to get agreement for increased spend or bigger teams.

The problem is that the board doesn't see what you see. They don't know that you and your team are working 14 hours a day just to keep up with the waves of attacks and patching old systems.

So how does the CISO?

- Devise a budget

- Model the likely level of attack for the next four quarters (risk assessment)

- Audit current system architectures

- Work out how much to spend

- Get the best value and deals from vendors and consultants and resellers

- Prove to the board that without the investment and spend required the company would suffer monetary loss

- prove what the ROI would be on security spend

What skills does a CISO need to do all this? Are there any software tools available that can help? Can consultants help?

Should information security actually be exempt from proving ROI as it is necessary in the same way as physical security like alarms, fire exits, CCTV etc which most of the time are redundant to the functioning of the company's core business.

Box 1 recessionary times
This feature has become all the more topical given the current financial crisis and the impending recession but there are two schools of thought at the moment. One is that security spend will hold up as it's the one area that business cannot afford to skimp on because attacks may increase. Others however think that it is unlikely and that spending will be squeezed on security and at the very least legacy systems will be patched and made to last and 2009 budgets will remain static at best - cut at worst. What is the truth about all this? Who is right?

Box 2 CASE STUDY
An interview with a CISO or CSO from a well known business about how they configured their budget, got buy-in from the board and possibly devised a system to prove ROI on their architecture, policies and staff.

Highbury payouts at last

2008-10-17T13:14:10Z

Well, it's nearly been three years coming, but finally BDO Stoy Haward have started paying out the monies owed from the Highbury ring-fenced fund.

A letter arrived in this morning's post with a cheque for the full amount I was owed by Highbury for work on iCreate in January 2006. According to the letter, the trustees of the New Credit Trust applied to the court for an order confirming the beneficiaries; the court made the order on the 8th September and they're now paying out.

Once the Trustees have completed all initial distributions, they will be contacting those parties who potentially have further Trust monies outstanding to them in order that they may prove whether their debt falls within the Trust period, which was from 12 December 2005 to 20 January 2006

Hopefully, everyone will get their cheques through soon then.

August holiday

2008-07-31T11:00:02Z

I'm going to be on holiday from Friday 1st August for a fortnight. If you leave a message on my voicemail or send me an email, I'll get back to you as soon as I can when I return.

Picking a gym

2008-05-06T15:34:17Z

Finding the right gym is something of an artform. I'm not sure I've mastered it though. I spent a good week or so investigating the local gyms, ended up joining one in London Bridge and I'm not sure I made the right decision.

Virgin Active - Strand
Very nice. Very shiny. Lots of machines. Has a relatively small pool. Most of the free weights were available. Just hideously expensive, not quite as easy to get to for me as ones near London Bridge and the membership person wasn't very helpful. You also have to fill out a whole lot of forms to even get a trial. Towel service extra. Men's toilets were a bit nasty.

Fitness First - Beckenham
Good equipment. Good use of space. Helpful membership person. Towel service extra. Just a little bit soulless and very hard to get to by train and public transport.

Virgin Active - Bickley
Easy to get to if you're going by train from Victoria, since it's near Bickley station. Great facilities. Lovely pool. Massive number of machines and free weights, including the fabled power plates. Has a good café. Nicely priced too. If it had been better located, I would have joined this one (and still might).

Fitness First - Cottons (London Bridge)
The one I actually joined. Reasonably priced (compared to Virgin Active - Strand anyway). Has a smallish pool. However, it's always busy; the front of counter staff and membership staff don't seem to care; they messed up my health check-up booking so I never got it; the pool flooded the lower levels; I've been turfed out once because they were closing the gym at 3.00pm to connect it back up to the National Gird; almost all the doors have been taken off the men's lockers (I don't know why); they gave me someone to set up a training programme who had never used half the machines; and it closes at 6pm on Saturdays and Sundays (I was turned away at 5.30pm). And all that in only the last fortnight. Towel service included though.

Going to Wales for the weather

2008-04-14T09:02:00Z

Weather in London

Weather in Wales

What's up there then?

Pancake Day excitement

2008-02-05T12:41:22Z

It's Shrove Tuesday today. Does it say something about me that I'm more excited by the thought of Pancake Day than I get about my own birthday?

Christmas subs joke

2007-12-22T16:14:26Z

Q: What are Santa's little helpers called?
A: Subordinate Clauses