Free Download of "Next Generation Firewalls for Dummies"

Palo Alto Networks, which I posted about recently, is now giving away free downloads (pdf) of the text "Next Generation Firewalls for Dummies". (Well free, sort of - you do have to fill out the form with your contact info, of course, but I've been on their e-mailing list for awhile and they're not too annoying - the e-newsletter they send out every week or so actually has some useful stuff.)

Anyway, I'm in no way affiliated with these guys except that I was really impressed with Nir Zuk, their founder & CTO, when I saw his presentation at RSA awhile back. I learned a lot from him in a very short time there. And I just now downloaded and browsed the book a bit and it looks really useful.

Of course, this isn't really infoSec management strictly speaking but we did cover firewalls in the 118c course because you need to know the technology basics to be able to tackle the associated managerial issues. And this book, in classic "Dummies" style, looks really readable by anyone - there's a section that reminded me of that Chris Rock joke "Laws are not suggestions!". This book section is entitled "Compliance is not Optional!" And from what I saw Nir Zuk describe at RSA, this new FW generation really is a departure from the old style and much needed in today's threat environment. (Really, I get no money if you buy one...I'm just saying.)

So take a look and post back comments here with your feedback to let us know what you think.

Golden Opp for Undergrad Research Program in Cybersecurity

Here's something too good to pass up if you're eligible - It's an 8-week summer research experience in Cybersecurity for undergraduates, sponsored by a grant from the National Science Foundation. It gives you a chance to work on a project directed by faculty at top universities (Stanford, UC Berkeley, Cornell, Vanderbilt and Carnegie Mellon) and it costs nothing - they 'pay' you a $4,000 stipend and they even provide room & board! It's crazy.

One of my former students got into this program a couple of years ago and said it was just awesome. But you have to be a US citizen or permanent resident and have a GPA of 3.0 or above 'with an upward trend.' If you've got that I would strongly encourage you to apply. (Deadline: March 1st)

Take a look at this web page that describes the program and has links to a flyer and the application. It's part of the TRUST site (Team for Research in Ubiquitous Secure Technology) which is a partnership that SJSU is part of. I've worked with the team for years, along with Sigurd Meldal, the chair of the SJSU Computer Engineering Department, and they do all kinds of terrific programs but this is the one you can take advantage of as an undergraduate. Don't miss out. Seriously. Don't.

Free Expo Registration Code for RSA 2011 SF

While browsing the Palo Alto Networks site for the previous post, I noticed they posted a free expo registration code for the upcoming RSA conference at Moscone in SF (currently near bottom under "Event's > RSA").

In the past, the expo pass gives you access to a lot more than just the vendors and you can learn a lot even from just them. See more on why/how I recommend going to the RSA with an expo pass on the "Keep Learning" page of this blog.

Recommended Learning Opp: Nir Zuk of PA Networks

Well this is kind of peripheral to infoSec management except that you need to keep abreast of the evolving technology to manage effectively and this is a good way to do that for firewall technology. It's a webinar on enterprise firewalls, part of a series sponsored by Palo Alto Networks and featuring Nir Zuk, their founder and CTO.

This episode of the series is scheduled for Jan 26  at 11am. Registration is free but of course, it's designed to sell their equipment and so must be taken witha healthy does of skepticism. I still recommend this because I was so impressed when I saw him make a presentation at their booth at RSA a couple of years ago. He apparently developed or helped develop the original stateful firewall and has innovated what they claim is the 'next generation' so he seems to really know his stuff and he presents really clearly and compellingly. I learned a lot from him in a short time at RSA so I'm comfortable recommending this, despite the marketing aspect. Post back here with your feedback if you watch.

Yet Another Scary Vid: RFID Skimming

This one from a local news station in Memphis shows a guy skimming credit card numbers wirelessly off tourists walking down Beale Street. The guy sells card sleeves that block the signal. Might be worth it. (Hmm....wonder if this is how my account wound up with a bogus charge of $5,000 at Nordstrum's in Seattle last week?) Enjoy...

Feel (a little) Better: Brainy infoSec Research

agonizing the threat landscape?

Recently  I had a chance to see some of the smartest, up-and-coming minds in infoSec research present their projects over at Stanford last month at the Autumn Conference of TRUST (Team for Research in Ubiquitous Secure Technology. The pic is not them (it's a Rodin sculpture on the campus entitled Burghers of Calais which sounds like a pretentious fast food restaurant) but the figures embody the kind of angst I often feel about the ever-scarier threat landscape out there. 

But the good news is: the presentations gave me hope. There are some scary-smart people out there working on cool stuff like:

• Fault-Tolerant Distributed Reconnaissance 
• How to Verify Reference Monitors without Worrying about Data Structure Size
• Modeling Cyber-Insurance

Here's the conference program listing them all.

I was totally impressed. Though i could only digest about 1/3 of what they were saying, I could tell these were important, fundamental contributions and we were all fortunate to have amazing minds like this on our side. (Yeah, I know there are similar ones out there working for the bad guys but I'll put these guys up against any of them.) 


So...a little hope, anyway.