Keep Learning

So this is a page of resources for learning about infoSec management (emphasis on learning and on management of infoSec in orgs). I'm posting the one's I've discovered and found useful to my learning but there are no doubt lots of others I haven't run across yet so I'm enabling comments to this post so that you can contribute yours, too. But when posting, please:
  1. keep in mind the emphasis on learning and primarily management,
  2. no spam, please,
  3. make certain your links work,
  4. explain why & how they're useful,
  5. be concise, clear and use good grammar, and
  6. follow the format I'm establishing with my own resources below.
Thanks for sharing! Now, here are my own favorites:
  • The Silver Bullet Security Podcast is a terrific monthly series of interviews with the brightest stars of the InfoSec world. (See the bottom of this page to find out who's appearing in the current episode.) I listen to these during my commute and I learn a lot from them nearly always. If you listen closely you can pick up on not just what they're saying but their mindset and way of thinking and looking at the world - tremendously valuable, too. All the archives are there - my favorites are Ross Anderson and Dan Geer. I suggest you subscribe so you'll always have the newest episode delivered to your iPod automatically.
  • A terrific, very understandable primer on cryptograhpy - a white paper from PGP (recently acquired by Symantec). It's free you just have to register, giving your name &  email, etc. to download it.
  • Also from PGP, some very insightful podcasts from experts in the field. My favorites are the ones with Jim Reavis on Insider Threats, Dr. Larry Ponemon on research into the costs of data breaches, and Collen Ebel on how they actually implemented encryption at the University of Florida.  On this PGP page there are more learning resources, including webcasts and research reports that look really good though I haven't watched/read them myself yet.
  • One of the best ways to learn and keep learning is to "follow the leaders"- track what the best & brightest minds in infoSec are saying. I have a few favorites I can suggest:
    • Bruce Schneier is one of the most well-known experts in the field,  full of provocative and controversial views. You can really pick up some brilliant insights and perspectives from reading his blog, Schneier on Security, regularly. (His latest post appears at the bottom of this page!) I recommend subscribing so you can keep up with his latest thoughts. (Every Friday he posts something new about giant squid - one of his quirks.)
    • Here's a youtube vid of Dan Geer, one of the brightest minds in the infoSec world. He's kind of a hero in the infoSec community after he got fired from his previous job for a writing a report that said our country's reliance on Microsoft as a (near) sole source was a national security risk. This is a conference presentation (part 1 of 6...you can follow links to the rest) that's full of amazing insights from this guy who is very insightful, even if a bit strange.

    • Ross Anderson's a professor at the University of Cambridge in England. He does research on all kinds of cutting edge issues in infoSec with a focus on the economic perspective which I think gets to the heart of it all. It explains the motivations for the behaviors we see and it gives us the best chance for finding solutions that will change that behavior. I think if there is any hope for eventually winning the "arms race" (better defenses > better hacks > even better defenses > even better hacks), it will be some kind of economic-based solution that will break the cycle. Check out his home page with a host of links to fascinating research and resources.
    • Clifford Stoll is one of my hero's. He's an astrophysicist and a total nerd but a great guy who stumbled into one of the most classic and amazing stories of hacking and forensics ever told. He wrote a book about it called the Cuckoo's Egg which is highly acclaimed and I recommend reading it for the full story but the PBS show Nova made it into a video that is unfortunately only available today on YouTube. Part 1 of 6 is below but you can follow links to the rest. Even though it dates from the early days of the Internet, the principles he applied hold up just fine in today's context too. You will love this vid:
    • Mark Seiden is just an amazing character. Here's a short bio from the infoSec company he founded nearby in San Mateo. But the most interesting way to learn from him right now is to read this article from the New York Times ("The Sniffer vs, the Cybercrooks") and listen to the accompanying podcast where he describes the art of "pen-testing" or penetration testing which is being paid as a consultant by an organization that wants him to test their defenses by trying to breach them. He's a master. I listened to this many times and learned a lot from it myself. Plus it's just really entertaining.
    • Listen your way through the Silver Bullet Security Podcast described above and you'll discover your own infoSec hero's to follow.  
  • The RSA conference is a huge gathering of the top vendors, experts and working professionals and educators in the information security field and it's a fantastic opportunity for you to learn because it's held in SF every spring and you can get in for free. You just need to Google up a free expo pass (in advance of the event - in 2011, it's Feb 14-18). This will get you into some of the expert talks and into the vendor exhibits, where you can learn a lot, too - but remember these guys are selling so take what they say with a grain of salt and also, as a professional courtesy, get out of their way when they have a real potential customer they're trying to hook, please.

No comments:

Post a Comment

Subscribe to: Posts (Atom)