Security Catalyst Community Roundup – May 6th, 2008

May 6, 2008

What is the Security Catalyst Community?

The Security Catalyst Community is a forum where individuals who are interested in or work in the Information Security field can come together and leverage each other's strengths and experiences. There are several things that make this forum so great:

  • Everybody uses their real name. That may seem like something odd to bring up, but in my opinion, knowing who you are talking to is part of what it means to be in a community.
  • Very high signal to noise ratio. I would go so far as to say there is no noise on the forums.
  • Very knowledgeable people. When you post something, you are guaranteed to get responses from individuals who have a significant amount of knowledge and experience and are very willing to share it with you.

Where is it?

It is right here! One note: in order to read the forums, you will need to register first. So go do that now and come back when you are done.

What kinds of things get talked about?

Instead of talking about topic areas and what different aspects of Information Security are discussed, let’s take a look at a few recent posts:

Don Weber posted a question about how to measure whether a security team is overburdened or not. A great discussion followed with helpful tips on how to gather metrics that can be used to answer the question.

Allen Baranov is in the unenviable position of inheriting a couple of IPS devices and was looking for some guidance on best practices for managing rule sets. Again, several folks stepped up and shared their experiences, which provided a good base to start from.

Jay Benson was looking for a diagram of how WPA2 actually works for a presentation he is giving, and the theme of folks helping out continues, as a couple of folks pointed him to some resources that might be of help.

Fred Donovan posted an observation about geeks.com, “Hacker Safe” and a letter sent out to geeks.com customers regarding their site being hacked last month. A very interesting discussion followed that is worth reading.

The last item I would like to mention is one that was also posted by Don. It was posted in October of last year, but has seen some recent activity. It poses the question “How do you do Email?” A great set of posts follow in which people share their strategies for dealing with our overflowing inboxes.

Who participates?

Here is a bunch of folks who participate and have blogs. Yes, it is a long list, but it is worth your while to visit these blogs on a regular basis.

The Security Catalyst (Michael Santarcangelo) | http://www.securitycatalyst.com
The Network Security Blog and Podcast (Martin McKeay) | http://www.mckeay.net
Security Ripcord Blog and Podcast | http://blog.cutawaysecurity.com
Education Security Incidents (Adam Dodge) | http://www.adamdodge.com/esi
An Information Security Place (Michael Farnum) | http://infosecplace.com/blog
Andy, IT Guy (Andy Willingham) | http://andyitguy.blogspot.com/
Andrew Hay | http://www.andrewhay.ca/
Scott Wright (Security Views) | http://www.securityviews.com
Security Renaissance | http://securityrenaissance.com/
Marcin Wielgoszewski | http://www.tssci-security.com
John Biasi | http://www.john-biasi.com
Chris Hoff | http://rationalsecurity.typepad.com
RioSec Security WebLog (Chris Byrd) | http://www.riosec.com
James Costello | http://genesyswave.bloggerteam.com/
Harlan Carvey, CISSP | http://windowsir.blogspot.com
Jon Robinson | www.jonsnetwork.com
Chris Harrington | www.infosecpodcast.com
John Gerber | http://www.securitymonks.com
Steve Mullen | http://skmullen.wordpress.com
Rory McCune | http://www.mccune.org.uk/
Rebecca Herold | http://www.realtime-itcompliance.com
Randy Armknecht | http://www.rarmknecht.net
Didier Stevens, CISSP | https://DidierStevens.com
Amrit Williams | http://techbuddha.wordpress.com
David D Bergert, CISSP, CISA | http://www.infosecblurb.com
Justin Clarke | http://www.justinclarke.com
Andrew Storms | http://blog.ncircle.com/blogs/sync
Lori MacVittie | http://devcentral.f5.com/weblogs/macvittie/
Rob Newby | http://robnewby.blogspot.com
Andrew Mason | http://infosecandpcifromscratch.blogspot.com
Andy Steingruebl | http://securityretentive.blogspot.com/
Security Thoughts (Allen Baranov) | http://securethink.blogspot.com
Jeff Stebelton | http://jeffsoh.blogspot.com
Brad on Security (Brad Andrews) | http://bradonsecurity.blogspot.com
Anton Chuvakin | www.securitywarrior.org
Eric McMillen | http://www.mcmillengroup.com/blog/
Dana Hendrickson | http://www.secureaccesscentral.com/wordpress/
Tyler Reguly | http://www.computerdefense.org & http://blog.ncircle.com/vert
Keith Kilroy | http://blog.securitynow.us
Peter Giannoulis | http://www.theacademy.ca
Walt Conway | http://treasuryinstitute.org/blog/

Um..this post is long, how do I join again?

Simply go to http://www.securitycatalyst.org/forums/ and click on the register link. You will not regret it.

Kevin Riggins