"Security in the Third Wave of IT Engineering"

November 24, 2011

Today I gave a presentation at UNAM's 2011 Computer Security Conference in Mexico City. Below you will find my presentation (done using prezi.com, follow this link if you can't see it below). You can also get the PDF version.

Security in the Third Wave of IT Engineering on Prezi

Layer 8: The exception IS the rule

July 9, 2010

Whenever you look at a firewall rule, half the time you’re going to be asking yourself, “Why is that there? Did *I* put it there? Do we still need it?” It would sure be nice if the explanation were right there, as a comment that could be version-tracked, exported into nice reports, searched on, and placed in a standard format that would be compatible with other exception entries in other tools. (Kind of like a syslog for exceptions.) It would be nice if you could mark a scanner finding as, “We KNOW it’s there. We’re not going to fix it. Just for these two machines, STOP REPORTING ON THIS.”)

via layer8.itsecuritygeek.com

Insightful article. I can't count the number of times I have asked myself exactly this, and hoped for a good, INTEGRATED way of keeping track of these exceptions.

Rugged software

February 17, 2010

I am rugged - and more importantly, my code is rugged.

I recognize that software has become a foundation of our modern world.

I recognize the awesome responsibility that comes with this foundational role.

I recognize that my code will be used in ways I cannot anticipate, in ways it was not designed, and for longer than it was ever intended.

I recognize that my code will be attacked by talented and persistent adversaries who threaten our physical, economic, and national security.