Beyond The Perimeter

With Amrit Williams

Quantivo Chief Technology Officer, former Gartner Research Director, and noted IT Industry blogger Amrit Williams and his guests share their expertise on a wide range of information technology issues impacting business, government, and other large public and private sector organizations

Episodes:

Episode 99: Should Security Compliance Fall on the Independent Software Vendor?

Amrit Williams, BigFix CTO, looks at the responsibility of the ISV in security compliance with Jack Danahy, founder of Ounce Labs, and now the World Wide Security Executive for the Rational division of IBM.

Dec 16th, 2010
Duration: 22:43
Episode 98: Is Education the Key to a Rapidly Evolving Security Marketplace?

Amrit Williams, BigFix CTO, discusses the role of education in security with Jack Danahy, founder of Ounce Labs, and now the World Wide Security Executive for the Rational division of IBM.

Dec 2nd, 2010
Duration: 20:53
Episode 97: What Changes do Businesses Need to Make in the Coming Year?

Amrit Williams, BigFix CTO, concludes his discussion about the Verizon Business 2010 Data Breach Report with Alex Hutton, Principal of Research and Intelligence at Verizon Business.

Sep 3rd, 2010
Duration: 17:33
Episode 96: Verizon Business Releases the 2010 Data Breach Report

Amrit Williams, BigFix CTO, digs into the details of the Verizon Business 2010 Data Breach Report with Alex Hutton, Principal of Research and Intelligence at Verizon Business.

Aug 28th, 2010
Duration: 19:02
Episode 95: What's Next? Looking to the Future of Cloud Computing

Amrit Williams, BigFix CTO, discusses the possibilities for cloud computing in the next few years with Chris Hoff, Director of Cloud & Virtualization Solutions of the Security Technology Business Unit at Cisco Systems.

Jul 30th, 2010
Duration: 08:36
Episode 94: Overcoming Compliance Requirements and Legacy Systems When Moving to the Cloud

Amrit Williams, BigFix CTO, continues his discussion on effectively using cloud computing at the enterprise level with Chris Hoff, Director of Cloud & Virtualization Solutions of the Security Technology Business Unit at Cisco Systems.

Jul 23rd, 2010
Duration: 23:42
Episode 93: Is Trust the Real Barrier to Cloud Computing?

Amrit Williams, BigFix CTO, discusses the barriers to effectively using cloud computing at the enterprise level with Chris Hoff, Director of Cloud & Virtualization Solutions of the Security Technology Business Unit at Cisco Systems.

Jul 16th, 2010
Duration: 22:43
Episode 92: The Inconvenient Truth of Security from the 2010 InfoSec Conference

Amrit Williams, BigFix CTO, discusses Cloud Computing and other trends with Philippe Courtot, CEO of Qualys Inc. at the 2010 InfoSec Conference.

Jun 26th, 2010
Duration: 22:48
Episode 91: Horror Films to Hackers

Amrit Williams, BigFix CTO, discusses the lessons learned from the film industry with inventor, nCircle founder, and Life Zero blogger John Flowers.

Jun 18th, 2010
Duration: 24:13
Episode 90: What in the World is a Kane Box?

Amrit Williams, BigFix CTO, discusses the forthcoming network security tool, the Kane Box, with inventor, nCircle founder, and Life Zero blogger John Flowers.

Jun 11th, 2010
Duration: 25:29
Episode 89: How to Create a CSIRT

Amrit Williams, BigFix CTO, discusses the details of how to create a successful CSIRT with Ireland's own Brian Honan of The Irish Reporting and Information Security Service.

Jun 4th, 2010
Duration: 17:10
Episode 88: Malware Free Europe?

Amrit Williams, BigFix CTO, discusses information security education and response with Ireland's own Brian Honan of The Irish Reporting and Information Security Service.

May 29th, 2010
Duration: 18:24
Episode 87: Verizon Calls Out the Vulnerability Pimps

Amrit Williams, BigFix CTO, continues his discussion with Marc Maiffret of FireEye on emerging threats and the new vulnerability pimps.

May 22nd, 2010
Duration: 14:12
Episode 86: Modern Malware Exposed!

Amrit Williams, BigFix CTO, discusses the malware landscape and new resources available to IT professionals with Marc Maiffret of FireEye.

May 14th, 2010
Duration: 14:40
Episode 85: Connecting Consequences to People's Actions, Part 2

Amrit Williams, BigFix CTO, takes an in-depth look at security awareness and training with security catalyst Michael Santarcangelo. Part Two.

Apr 30th, 2010
Duration: 17:23
Episode 84: Connecting Consequences to People's Actions, Part 1

Amrit Williams, BigFix CTO, takes an in-depth look at security awareness and training with security catalyst Michael Santarcangelo. Part One.

Apr 26th, 2010
Duration: 12:03
Episode 83: Geekonomics and the Impact of Insecure Software, Part 2

Amrit Williams, BigFix CTO, discusses with David Rice, author of Geekonomics, ways to create incentive for increasing software assurance.

Apr 2nd, 2010
Duration: 22:17
Episode 82: Geekonomics and the Impact of Insecure Software, Part 1

Amrit Williams, BigFix CTO, discusses author David Rice's concept of Geekonomics in this two-part interview.

Mar 26th, 2010
Duration: 21:53
Episode 81: Moving Security and Management Outside of the OS

Amrit Williams, BigFix CTO, discusses how enterprises can move security and management facilities outside of the OS with Chad Jones and Bill Corrigan of Neocleus.

Mar 20th, 2010
Duration: 18:31
Episode 80: Finding the "So What" of Virtualization

Amrit Williams, BigFix CTO, discusses current limitations and new possibilities of virtualization with Chad Jones and Bill Corrigan of Neocleus.

Mar 12th, 2010
Duration: 18:58
Episode 79: Cyber-crime Vs. Cyber-warfare Vs. Cyber-espionage

Amrit Williams, BigFix CTO, discusses the differences between cyber-crime, cyber-warfare, and cyber-espionage with Will Gragido and John Pirc of Cassandra Security.

Mar 6th, 2010
Duration: 14:58
Episode 78: The More Threats Change, The More Solutions Stay The Same

Amrit Williams, BigFix CTO, discusses how the ever-changing threat landscape is met by a static set of solutions. He is joined by Will Gragido and John Pirc of Cassandra Security.

Feb 26th, 2010
Duration: 16:20
Episode 77: Is Your Software RUGGED?

Amrit Williams, BigFix CTO, investigates the new RUGGED Software Manifesto with its authors, Joshua Corman and David Rice.

Feb 20th, 2010
Duration: 29:50
Episode 76: APTs vs. SMTs

Amrit Williams, BigFix CTO, discusses advanced persistent threats and subversive multi-vector threats with Will Gragido and John Pirc of Cassandra Security.

Feb 13th, 2010
Duration: 19:50
Episode 75: Women in Security, and the Pitfalls of Offshore Banking

Amrit Williams, BigFix CTO, discusses with Andrew Hay the challenges women in security face and also the many security issues surrounding offshore banking.

Feb 6th, 2010
Duration: 17:36
Episode 74: The Good, The Bad, and The Ugly of Being an Author

Amrit Williams, BigFix CTO, discusses the ins and outs of writing tech books with author Andrew Hay.

Feb 2nd, 2010
Duration: 16:31
Episode 73: Is the Auditor Scarier Than the Attacker?

Amrit Williams, BigFix CTO, discusses how profit and politics have changed the security landscape with Josh Corman, research director for the enterprise security practice at The 451 Group.

Jan 22nd, 2010
Duration: 23:14
Episode 72: What Are the Real Threats for 2010?

Amrit Williams, BigFix CTO, takes a look back at 2009, and a look ahead at what the real threats of 2010 will be with Mike Rothman, founder of Security Incite.

Jan 15th, 2010
Duration: 20:26
Episode 71: Is Information Asymmetry the Biggest Threat to Information Security?

Amrit Williams, BigFix CTO, discusses the information divide between the good guys and the bad guys with Josh Corman, research director for the enterprise security practice at The 451 Group.

Jan 8th, 2010
Duration: 17:26
Episode 70: Blocking and Tackling with Log Management and SIEM

Amrit Williams, BigFix CTO, discusses how many enterprises are still struggling with log management and SIEM with Mike Rothman, founder of Security Incite.

Jan 1st, 2010
Duration: 9:36
Episode 69: Trends and Challenges for 2010

Amrit Williams, BigFix CTO, discusses the trends and challenges in technology for 2010 with Mike Vizard, editor of CTO Edge.

Dec 25th, 2009
Duration: 11:51
Episode 68: Technology, Journalism, and the Flow of Information

Amrit Williams, BigFix CTO, discusses the current state of tech journalism and how we receive information with Mike Vizard, editor of CTO Edge.

Dec 18th, 2009
Duration: 13:08
Episode 67: Working Safe Online and On The Road

Amrit Williams, BigFix CTO, discusses how to work remotely while maintaining a secure online environment with Mike Rothman, founder of Security Incite.

Dec 11th, 2009
Duration: 13:19
Episode 66: Is the Economic Downturn Over?

Amrit Williams, BigFix CTO, discusses the outlook on the economy for 2010 with Jack Phillips, co-founder of IANS, the Institute for Applied Network Security.

Nov 24th, 2009
Duration: 12:52
Episode 65: IANS Offers Vendors and Users a High Value Proposition

Amrit Williams, BigFix CTO, discusses with Jack Phillips, co-founder of IANS, the Institute for Applied Network Security, the value IANS offers to both users and vendors.

Nov 20th, 2009
Duration: 10:38
Episode 64: Peer Based Research Breaks the Analyst Mold

Amrit Williams, BigFix CTO, discusses the benefits of peer-based research with Jack Phillips, co-founder of IANS, the Institute for Applied Network Security.

Nov 17th, 2009
Duration: 11:12
Episode 63: What is the Future of Application Control?

Amrit Williams, BigFix CTO, and Tom Murphy of Bit9 discuss the future of application control as new technologies like cloud computing and virtualization permeate the marketplace.

Nov 13th, 2009
Duration: 08:21
Episode 62: Tuning Application Control Technologies

Amrit Williams, BigFix CTO, discusses application control with Tom Murphy of Bit9, and how to avoid endpoint lockdown.

Nov 10th, 2009
Duration: 11:13
Episode 61: Can Whitelisting Secure Endpoints Without Interrupting Work Flow?

Amrit Williams, BigFix CTO, discusses whitelisting with Tom Murphy of Bit9, and what practices can bolster endpoint security without disturbing work flow.

Nov 6th, 2009
Duration: 8:18
Episode 60: Insiders: Security Threat or Ally? Part 3

Amrit Williams, BigFix CTO, winds up the conversation with author and speaker Michael Santarcangelo on the nature of insider threats and how to manage them.

Oct 30th, 2009
Duration: 12:08
Episode 59: Insiders: Security Threat or Ally? Part 2

Amrit Williams, BigFix CTO, continues the conversation with author and speaker Michael Santarcangelo on the nature of insider threats and how to manage them.

Oct 27th, 2009
Duration: 10:27
Episode 58: Insiders: Security Threat or Ally?

Amrit Williams, BigFix CTO, begins an interesting series of conversations with author and speaker Michael Santarcangelo. Michael questions the statistics and growing concerns over insider threats.

Oct 23rd, 2009
Duration: 9:18
Episode 57: Unifying Virtual and Bare Metal Computing, Part 2

Amrit Williams, BigFix CTO, continues his conversation with Vikram Desai, president and CEO of Liquid Computing, on optimizing virtual and bare-metal computing to improve service provision to end users.

Oct 20th, 2009
Duration: 7:46
Episode 56: Unifying Virtual and Bare Metal Computing, Part 1

Amrit Williams, BigFix CTO, speaks with Vikram Desai, president and CEO of Liquid Computing, on optimizing virtual and bare-metal computing to improve service provision to end users.

Oct 16th, 2009
Duration: 8:04
Episode 55: Web Applications Need Security Too, Part 3

Amrit Williams, BigFix CTO, concludes his interview with Doug Wilson, co-chair of the Open Web Application Security Project (OWASP) Washington DC chapter, focusing on what enterprises can do to build security into the product development life-cycle.

Oct 6th, 2009
Duration: 10:48
Episode 54: Web Applications Need Security Too, Part 2

Amrit Williams, BigFix CTO, continues his interview with Doug Wilson, co-chair of the Open Web Application Security Project (OWASP) Washington DC chapter, highlighting the upcoming OWASP-sponsored AppSecDC conference Nov. 12-13 at the Washington DC Convention Center.

Oct 2nd, 2009
Duration: 10:24
Web Applications Need Security Too: Part 1

Amrit Williams, BigFix CTO, speaks with Doug Wilson, co-chair of the Open Web Application Security Project (OWASP) Washington DC chapter, and Michael Smith, the Guerilla CISO, on community efforts to improve the security of web-based applications. OWASP sponsors conferences, meetings and a forum for information exchange on web application security. Web application security differs from traditional application security owing largely to web applications' rapid, often in-house development cycles based on "get it out now" business cultures.

Sep 29th, 2009
Duration: 11:05
Information Security and the Application Stack Part 3

Amrit Williams, BigFix CTO, concludes his conversation with Brad Arkin, Adobe Systems director of security and privacy, this time focusing on Adobe's processes to build in security during the product development cycle. Security has a seat at the table for all development projects, ranging from individual security champions for small projects to dedicated teams for large, flagship products. Security experts also review legacy code that, while secure 10-15 years ago, was created without psychic foreknowledge of future threat technologies.

Sep 25th, 2009
Duration: 9:30
Information Security and the Application Stack Part 2

Amrit Williams, BigFix CTO, continues his conversation with Brad Arkin, Adobe Systems director of security and privacy, focusing on post-release patch and update processes.

Sep 22nd, 2009
Duration: 10:20
Information Security and the Application Stack Part 1

Amrit Williams, BigFix CTO, talks to Brad Arkin, Adobe Systems director of security and privacy, about Adobe's programs to improve the security properties of its widely used software products both during development and after release to the field.

Sep 18th, 2009
Duration: 9:38
Do We Need to Regulate Software Development?

Amrit Williams, BigFix CTO, continues his conversation with Adam Shostack, Emergent Chaos leader of the band, about the trade-offs of emphasizing security versus user experience in software development. Amrit asks why security shouldn't be built into software instead of being treated as an add-on, and, if society agreed that should be the case, whether software product development and release should be subject to external regulation. Both speakers concede that compliance efforts such as PCI and Sarbanes-Oxley have not had a magic effect on software security. Shostack suggests an alternative approach to software development, adding economists, sociologists and anthropologists to development projects to better understand user behaviors and insulate software from them.

Sep 15th, 2009
Duration: 10:12
Overcoming the IT Security Crisis

Amrit Williams, BigFix CTO, begins a three-part conversation with Adam Shostack, bandleader of the Emergent Chaos blog site and author, most recently of "The New School of Information Security," co-written with Andrew Stewart. Shostack believes that the current information security crisis results from viewing the problem as a technical one disconnected from social and economic contexts. Here, Shostack cites the work of economist George Akerlof in analyzing economic actor choices in markets characterized by incomplete information, a situation often faced by buyers of software products trying to determine how vulnerable the product is to security attacks.

Sep 11th, 2009
Duration: 10:10
The IT Security Industry Winter

Amrit Williams, BigFix CTO, talks with Peter Kuper, former analyst at Morgan Stanley and SG Cowen, now associated with the IANS organization, on the impact of the recession on the security industry. IT security spending is down, and with it, investments in security start-ups and innovation initiatives. Kuper believes that good new technologies and well-managed companies can still attract investors and customers. Furthermore, the industry supports a tier of robust, established private IT security companies weathering and even prospering in current conditions. While the short term remains challenging, Kuper believes that good technologies and companies can still get a foothold in the current economic environment.

Sep 8th, 2009
Duration: 12:42
Coping With the Malware Explosion

Amrit Williams, BigFix CTO, continues his conversation with Al Huger, founder of Immunet, focusing on how the explosion in the types of malware has completely overwhelmed conventional anti-virus technologies and how Immunet is developing community-based solutions to the malware problem. Huger says that every month, 2 million new strains of malware appear on the Internet, swamping conventional signature-based malware products. Furthermore, the nature of malware has changed from loud, obvious pranks to stealthy attacks that require only a few seconds to steal desirable data and then disappear or lie dormant. Immunet works by identifying malicious files and preventing their download onto protected PCs, a sharp contrast to current generation products that fight malware only after it has put down roots in an infected machine.

Sep 4th, 2009
Duration: 12:29
Clouds, Communities and New Models for Anti-Virus

Amrit Williams, BigFix CTO, talks with Al Huger, serial security start-up entrepreneur, on Huger's latest venture, Immunet. Huger believes that the rapid mutation of malware has outstripped the ability of signature-based anti-virus products to cope with it. Immunet proposes a community-based cloud approach, where communities of similarly employed computers (for example, an enterprise-office worker community, or an 18-25 year old social media junkie community) share information in a cloud and take measures to stop aberrant behaviors. Although Huger says his company focuses initially on consumer markets, Amrit believes that enterprises might also take to this approach.

Sep 1st, 2009
Duration: 11:16
Can IT Security, Operations, and Senior Management Speak the Same Language?

In this third conversation between BigFix CTO Amrit Williams and Cambridge Infosec Associates principal Nick Selby, Selby says that relations between IT security, operations and general management suffer greatly from poor communication. Lack of a common language not only prevents cross-functional security programs, but even inhibits discussion of security issues in business-like terms. Here, security professionals need to stop talking about "threats" and be able to articulate calculated "risks" to the organization's vital interests emanating from IT security concerns.

Aug 28th, 2009
Duration: 12:18
The Oil and Water Relationship of Compliance and Security

BigFix CTO Amrit Williams continues his conversation with Cambridge Infosec Associates principal Nick Selby, turning to Selby's view that too many organizations confuse IT compliance with security. Here, senior managers often find themselves asking, "Why did we suffer a security breach when we were in compliance with regulation X?" Selby also believes that IT security staffs are sometimes guilty of manipulating the compliance mission to attract funding and backing for security programs.

Aug 26th, 2009
Duration: 12:40
The Education of an IT Risk Management Consultant

BigFix CTO Amrit Williams and Nick Selby, co-founder of Cambridge Infosec Associates, talk about Nick's new security risk management consulting company. Amrit and Nick also recall their previous work as information technology industry analysts at, respectively, Gartner and The 451 Group. They agree that their work at these firms was excellent preparation for their current roles as security and system management company CTO and risk management consultant.

Aug 21st, 2009
Duration: 9:30
Security B-Sides: Party With a Purpose

BigFix CTO Amrit Williams gets the low-down on the Security B-Sides events from Jack Daniel, self-described Security Curmudgeon. Security B-Sides has grown up rapidly as a forum for papers and presentations that did not make it onto the official program at the Black Hat and Defcon conferences due to time and logistics limitations. Daniel reports on this year's B-Sides, which brought together security luminaries at a private residence five miles off the Vegas Strip for informal information exchange, purposeful relaxation, and professional socialization. Better yet, Security B-Sides is growing into a series of events around the US, with the next installment scheduled for San Francisco on the fringes of the 2010 RSA Conference. For more information, visit www.securitybsides.com

Aug 18th, 2009
Duration: 14:43
Taking Care of the Fundamentals

BigFix CTO Amrit Williams meets up with IT Security Curmudgeon Jack Daniel to talk about practical approaches to IT security for small and medium businesses (SMB). In Daniel's view, smaller organizations would do themselves a world of good by taking simple and prudent measures to reduce security risks rather than reacting to the latest reports of exotic attacks on high-value infrastructures. As the old saying goes, one does not need to outrun bears so much as run faster than other people being chased. For more on Jack Daniel, visit http://blog.uncommonsensesecurity.com/

Aug 14th, 2009
Duration: 12:44
Compliance: Security Floor or Ceiling?

BigFix CTO Amrit Williams continues his conversation with Ryan Russell, focusing in on whether security compliance efforts such as PCI, Sarbanes-Oxley and Common Criteria incent organizations to achieve baselines of acceptable security or inhibit security professionals from effectively dealing with real and urgent security issues.

Aug 12th, 2009
Duration: 12:44
Black Hat, Defcon, Hackers for Charity and More

BigFix CTO Amrit Williams speaks with Ryan Russell, who reports on this year's Black Hat and Defcon conferences, with special emphasis on Johnny Long's Hackers for Charity talks at the shows. Johnny has moved his family to Uganda and in the last several weeks has set up computer classrooms in the country and attracted the support of the Uganda Ministry of Energy. For more on Hackers for Charity, visit http://johnny.ihackstuff.com/ and, while you're there, why not make a contribution to the BigFix Hackers for Charity Matching Fund?

Aug 8th, 2009
Duration: 13:38
Securing Web Applications: Improving the Application Development Life Cycle

BigFix CTO Amrit Williams and White Hat Security CTO Jeremiah Grossman conclude their discussion on web application security by looking at ways organizations can build in security features and resistance to attack over the life cycles of in-house developed web applications. While design-for-security should start in the initial spec and coding processes, security mindedness needs to continue throughout an application's life cycle as the application evolves to meet changing technical and business requirements.

Jul 28th, 2009
Duration: 14:33
Securing Web Applications: Instituting Operational Controls

BigFix CTO Amrit Williams and White Hat Security CTO Jeremiah Grossman continue their discussion on web application security by looking at what kinds of operational controls organizations can institute to enable more effective management and protection of web applications over their life cycles. As many web applications are in-house efforts, this often requires organizations to make decisions and enforce policies that would otherwise be the domain of third-party application vendors.

Jul 24th, 2009
Duration: 11:23
Securing Web Applications: Surveying the Threat Landscape

Amrit Williams, BigFix CTO, begins a three-part discussion with Jeremiah Grossman, CTO of White Hat Security, on web application security. In the first part, Amrit and Jeremiah review the nature, severity, and spread of threats to the security and integrity of web applications. Web applications differ from commercial applications and system software in that the majority of them are developed in-house. Not only are there no external resources to provide patches, updates and vulnerability fixes, but web applications may not be fully documented or designed for easy updating.

Jul 21st, 2009
Duration: 10:20
Cybersecurity, Cyberdefense and Cyberwarfare: Part III

Part III of the conversation with Amrit Williams, Michael Smith and Dan Philpott moves on to look at private sector adoption of government-developed IT security standards and policies, a field guide to current NIST FISMA documents, and which private organizations (mostly government contractors) must comply with government security standards. The discussion concludes on increasing government IT security spending and how the government will spend it. In particular, will the new spending emphasize tools and capital goods and relatively neglect developing human expertise in the field?

Jul 14th, 2009
Duration: 12:44
Cybersecurity, Cyberdefense and Cyberwarfare: Part II

Part II of this discussion involving Amrit Williams, Michael Smith and Dan Philpott focuses on recent policy developments in the US, in particular legislation currently in the US Congress to modify or replace the Federal Information Security Management Act with new laws, whether the establishment of a US Military Cyber Command is a military necessity or a maneuver to attract funding, and whether the intense effort to legislate and regulate represents an effort to compensate for a shortage of human cybersecurity expertise.

Jul 10th, 2009
Duration: 15:40
Cybersecurity, Cyberdefense and Cyberwarfare: Part I

Amrit Williams begins a three-part discussion with Michael Smith, self-described Guerilla CISO, and Dan Philpott, the instigator of the www.fismapedia.org wiki site, on the latest thinking in the rapidly developing fields of cyberdefense and cyberwarfare. Planners, policy makers and practitioners face multi-faceted dilemmas in this field. Key topics include the relationship of government and civilian organizations, the blurred line between warlike and criminal attacks on cyber assets, the question of whether cyberwarfare includes "kinetic" attacks on enemy cyber assets, and the collateral necessity of using neutral nations' IT infrastructure as a channel for cyberwarfare actions, among many other issues.

Jul 7th, 2009
Duration: 13:37
PCI: Tastes Great or Less Filling?

Amrit Williams, CTO of BigFix, Inc., talks to long-time secure payments consultant Michael Dahn about whether the current Payment Card Industry (PCI) standards, by their prescriptive nature, lead organizations to focus on standards compliance at the expense of more effective security measures. Dahn believes that one way to reduce the cost of PCI compliance lies in taking a need-to-access approach to sensitive data. That is, if an organization cannot access data, due to its encryption or other controls, this removes the need for PCI-prescribed methods to protect it. Dahn concludes the talk with a brief mention of the BSides conference, an event where the audience chooses the speakers and topics based on a wiki-based speaking proposal selection system. For more about this, visit www.securitybsides.com

Jun 30th, 2009
Duration: 18:18
Patch Management: Still a Hamster Wheel of Pain After All These Years

Amrit Williams, CTO of BigFix, Inc., and Rich Mogull, Founder and Chief Analyst of Securosis, discuss Project Quant, a Microsoft-sponsored research effort to better understand the software patch and update process from both the software vendor and software licensee points of view. Microsoft has agreed to make all survey data accessible to the public, and it will cover patch processes supporting products from a wide variety of software vendors, not just Windows. Rich and Amrit invite listeners to participate in the survey posted on www.securosis.com/projectquant.

Jun 23rd, 2009
Duration: 18:40
Embrace Change to Cut the Cost and Complexity of IT Security

Amrit Williams, CTO of BigFix, Inc., and Joshua Corman, Security Strategist at IBM Information Security Solutions (ISS), contend that the only way to fight the escalating cost and complexity of IT security is to embrace change and leave outmoded practices and technologies behind. Ironically, even as agile security professionals make change, they discover that many compliance regimes and other "best practices" force them to dedicate scarce resources to address yesterday's threats.

Jun 19th, 2009
Duration: 18:53
Security and Systems Management Convergence Part II: The Resolution

Amrit Williams, CTO of BigFix, Inc., and Scott Crawford, Managing Research Director of Enterprise Management Associates (EMA), continue their conversation on the relationship between IT service management and IT incident response management. Crawford believes that the general desire for management and security convergence breaks down when dealing with real-world server and PC infrastructures. He also believes that new generations of tools often impact processes when they reduce the cost and complexity of infrastructure management while improving its overall quality.

Jun 16th, 2009
Duration: 15:04
Security and Systems Management Convergence Part I: The Balancing Act

Amrit Williams, CTO of BigFix, Inc., and Scott Crawford, Managing Research Director of Enterprise Management Associates (EMA), begin a two-part discussion on security and system management convergence by looking at what keeps the two disciplines siloed from each other although both sides recognize the benefits of seamless collaboration. In particular, Crawford has identified a balancing act: disciplined, proactive approaches to system management result in strengthened immunity from security incidents, but at the potential cost of reduced responsiveness to incidents that do inevitably occur.

Jun 12th, 2009
Duration: 15:06
Situational Awareness Inside and Beyond the Perimeter

Amrit Williams, CTO of BigFix, Inc., speaks with Mike Rothman, founder of Security Incite and recently hired Senior Vice President of eIQnetworks, on the need to secure information wherever it resides or travels, and a pendulum shift away from log management back to situational awareness. According to Rothman, the log management trend stemmed from organizations taking a "check off" approach to information stewardship compliance programs. The renewed interest in situational awareness results from the realization that log management alone is not enough to understand, respond to, or prevent security breaches, in short, what's really at stake in information security.

Jun 10th, 2009
Duration: 16:27
The Security Implications of Virtualization

Amrit Williams, CTO of BigFix, Inc., and Aaron Bawcom, VP of Engineering of Reflex Systems, discuss Bawcom's new book "Virtualization for Security." Bawcom believes that virtualization represents the most profound technology shift since the introduction of the IP protocol and will have a double impact on enterprise information security. First, virtualized systems simplify security by reducing the number of physical assets and inherently automating many security policy and configuration processes. Second, even as they do this, virtualized systems are different enough from conventional environments to require distinctly different processes and disciplines to assure their security. As well as listening to the podcast, audience members can find out more about Bawcom's book at http://tinyurl.com/pd3ryj

Jun 5th, 2009
Duration: 15:49
20th Century Databases Need 21st Century Security

Amrit Williams, CTO of BigFix, Inc., and Ron Bennatan, CTO of Guardium, note that as security attacks increasingly emphasize theft of financially valuable data, databases land in hackers' cross hairs. Since many databases can trace their lineages back 20 years or more, this often presents the technical and cultural conundrum of how to protect 20th century assets against 21st century attacks. This podcast also mentions Bennatan's new book "How to Secure and Audit Oracle 10g and 11g," with more information on this work at http://tinyurl.com/pgzbvj

Jun 2nd, 2009
Duration: 20:06
Johnny Long: Hacker for Charity

Amrit Williams, CTO of BigFix, Inc. speaks with Johnny Long, founder of Hackers for Charity, about Long's journey from the pinnacle of conventional IT industry career success to his decision to redirect his expertise toward helping charitable organizations leverage computer technology to fight poverty and bring new opportunities to some of the poorest communities on earth. With his own eyes, Long has seen how his work feeds children and relieves the societal damage of disease. In addition to taking in this podcast, Amrit and Johnny invite listeners to learn more at www.hackersforcharity.org

May 29th, 2009
Duration: 18:08
Technical Publishing for Fun, Fame, and Modest Profit

Amrit Williams, CTO of BigFix, Inc. and co-worker Ryan Russell, IT Director at BigFix, review the latest edition of "Stealing the Network: The Complete Series Collector's Edition," co-authored by Ryan, Johnny Long and Timothy Mullen. Ryan relates his experiences working with publishers, relaying tips to new authors on how to secure and execute a publishing project. He also reviews the unique premise of "Stealing the Network," which uses fictional stories to present factual information about real-world technologies. Ryan says that his favorite result of the book series is people who see him at conferences and explain that they better understood a topic, or that their boss now "got it," as a result of the story format. More information on this book and others in the "Stealing the Network" series is available at http://tinyurl.com/ryscz2

May 26th, 2009
Duration: 16:17
Cyber Warfare/Cyber Defense: Part II

Amrit Williams, CTO of BigFix, Inc. and Charles Dodd, CTO of NICOR, continue their discussion of cyber defense by reviewing the role of NICOR and similar organizations in helping various government agencies understand and coordinate their cyber defense programs. They also discuss how private organizations can better understand their role in national cyber defense efforts and play a positive part both in securing their own assets and in contributing to socially beneficial efforts across the economy.

May 22nd, 2009
Duration: 9:33
Cyber Warfare/Cyber Defense: Part I

Amrit Williams, CTO of BigFix, Inc. and Charles Dodd, CTO of NICOR, discuss the rapid evolution of state- and terrorist-sponsored cyber warfare from a hypothetical threat to a current reality. While society is best served by avoiding panic or over-reaction, the US has lagged in its understanding of cyber warfare threats and in its response to them. The podcast touches on the differences between cyber warfare-driven intelligence gathering, compromise of public infrastructure, and even the potential for turning lethal military assets against their users. Part I of a two-part podcast.

May 19th, 2009
Duration: 17:23
The State of Cybercrime in 2009

Amrit Williams, CTO of BigFix, Inc. and Dr. Peter Tippett, Vice President of Innovation and Technology at Verizon Business Services, review findings from Verizon's 2009 Data Breach Investigations Report. According to Dr. Tippett, organized crime has increased its involvement in data theft incidents. From there, Williams and Tippett compare and contrast how cybercrime victims, both consumer and enterprise, respond to cybercrime incidents, discuss law enforcement procedures, and consider whether governments are improving their ability to shut down cybercriminals.

May 12th, 2009
Duration: 16:30
Green Computing is Everyone's Business

Amrit Williams, CTO of BigFix, Inc. and Forrester Research, Inc. Analyst Doug Washburn talk about the surprisingly slow uptake of green computing technologies in enterprise infrastructures. Washburn believes that many organizations lack awareness of the solid economic returns from green computing and assume that initiatives such as virtualization, cloud computing, and consolidation require investments that are hard to justify in today's hard-nosed economic environment. Washburn remains optimistic that, despite relatively slow progress, next-generation "Green Computing 2.0" approaches are emerging in which computers help organizations realize savings in bread-and-butter operations: for example, UPS' use of computing to reduce the number of left turns made by delivery vans, saving energy and speeding deliveries.

Apr 22nd, 2009
Duration: 16:28
Crossing the IT and Physical Facilities Management Chasm

Amrit Williams, CTO of BigFix, Inc. and Sean Goings, Business Development Manager of TAC Americas, a physical facilities engineering firm, discuss overcoming the barriers to cooperation between physical facilities and information technology professionals. The good news is that facilities and IT managers recognize that they have common goals in areas such as green computing-enabled energy conservation and integrating building physical and information security programs, but more work is needed to bring these disciplines together at strategic and operational levels.

Apr 17th, 2009
Duration: 15:40
Waking Up to Web Application Security Risks

Amrit Williams, CTO of BigFix, Inc. and Rich Mogull, Founder and Principal Analyst of Securosis (www.securosis.com), discuss Securosis' recent research on managing the security risks that web applications pose to enterprise IT. Mogull proposes a three-phase process in which organizations a) determine where their applications are located, b) assess their value to the enterprise, and c) perform a risk assessment to ascertain their vulnerabilities and the appropriate mitigation measures.

Apr 15th, 2009
Duration: 15:24
Security Attacks Make News: What's the Story?

Amrit Williams, CTO of BigFix, Inc. and Patrick Peterson, Cisco Fellow and Chief Security Researcher at Cisco Networks, talk about recent, widely publicized security breaches and the public, government, and security research responses to them. How can society make decisions in an information environment characterized by secrecy and special-interest agendas?

Apr 15th, 2009
Duration: 14:55
Getting Serious About IT Security Risk Management

Amrit Williams, CTO of BigFix, Inc., and Alex Hutton of Verizon Business Systems Cybertrust discuss what it takes to practice a truly sophisticated approach to IT security risk management. In particular, the risk management discipline involves calculating and adjusting an organization's risk exposures, its mitigation capabilities, and management's risk tolerance. In this regard, Hutton speaks from his professional involvement with industry standards such as ISO 27005 and Factor Analysis of Information Risk (FAIR) techniques.

Apr 10th, 2009
Duration: 22:29
Game Theory and Predicting the Probability of Malware Attacks

Amrit Williams, CTO of BigFix, Inc., and Sam Curry, VP of Product Management and Strategy at RSA, The Security Division of EMC, discuss the paper they presented at the recent Source Boston conference proposing a theory of malware probability. Through applied game theory, Amrit and Sam believe it is possible to predict the relative likelihood of commercially motivated malware attacks on IT infrastructures.

Apr 7th, 2009
Duration: 18:58
Of Firewalls and VPNs: Two Examples of IT Security Business Enablement

Amrit Williams, CTO of BigFix, Inc., and Sam Curry, VP of Product Management and Strategy at RSA, The Security Division of EMC, review the current debate on whether IT security is about keeping bad things from happening, or as a means to enable business value generation. Recounting their experience in the IT industry and as colleagues at former employers, Amrit and Sam cite the development of virtual private network (VPN) and personal firewall technologies as examples of IT security enabling new ways to conduct business and generate value on the Internet and other public networks.

Apr 2nd, 2009
Duration: 23:08
The Conficker Worm: Fighting Back

Amrit Williams, CTO of BigFix, Inc. and Rick Wesson, CEO of Support Intelligence (www.support-intelligence.com), discuss industry efforts to combat the Conficker worm that go beyond passive anti-malware actions to encompass measures to disrupt the worm and its perpetrators.

Mar 31st, 2009
Duration: 14:52
Industry Response to the Conficker Worm

Amrit Williams, CTO of BigFix, Inc. and Jose Nazario, Manager of Security Research at Arbor Networks, discuss industry response to the Conficker worm, highlighting the work of the industry-wide Conficker Working Group (www.confickerworkinggroup.org).

Mar 30th, 2009
Duration: 17:02
Systems and Security Management in the Healthcare Industry: A Conversation with Amrit Williams and Dave Watson

Amrit Williams and Dave Watson, Chief Technology Officer of Mede, discuss the impact of major healthcare industry regulations, including the Health Insurance Portability and Accountability Act (HIPAA), the Fair Credit Reporting Act (FCRA) and the Payment Card Industry (PCI) standard, on IT security and systems management programs in the healthcare industry. In addition, initiatives such as electronic medical record keeping and the integration of management and clinical systems are accelerating the automation of healthcare like never before. In this podcast, Amrit and Dave compare and contrast the business, regulatory and ethical issues influencing healthcare and other industries.

Mar 27th, 2009
Duration: 9:43
Defending Data, Enabling Availability: The View from Securosis

Amrit Williams and Adrian Lane, Security Strategist at IT security consultancy Securosis (www.securosis.com), discuss the implications of taking a data protection-focused approach to IT security. In particular, the rise of technologies such as virtualization, software as a service (SaaS), cloud computing, mobile computing and the Internet itself means that data is moving around like never before, rendering physical asset-focused approaches to security increasingly obsolete. While mature technologies such as encryption, Network Access Control, intrusion prevention and conventional anti-malware defenses exist for protecting data at rest, securing data in motion is a rapidly evolving field. Information-centric security, defined as maintaining data availability and integrity against external and internal threats, requires new thinking not only about how to protect data but also about the fundamental question of what data security actually is.

Mar 24th, 2009
Duration: 19:00
Security, System Management, and Healthcare: In Conversation with Mark Starry

Amrit Williams and Concord Hospital (Concord, NH) Director of Security Architecture Mark Starry discuss how initiatives such as HIPAA, electronic medical records, privacy, and doctors' clinical needs influence security and system management programs in a healthcare delivery organization. In particular, Starry emphasizes the need for functional and process consolidation, visibility into IT assets, and a proactive approach to protecting data that enables its productive availability to qualified users while preventing its misuse.

Mar 20th, 2009
Duration: 14:08
Special Edition: BigFix and IBM: The New Dynamics of Endpoint Security

BigFix Chief Technology Officer, former Gartner Research Director, and noted security industry blogger http://techbuddha.wordpress.com/ Amrit Williams and his guests share their expertise on security and system management issues impacting business, government, and other large public and private sector organizations.

Mar 18th, 2009
Duration: 17:35
PCI and Compliance Initiatives

Mar 6th, 2009
Duration: 15:28
The Human Factor in Enterprise IT Security

Mar 6th, 2009
Duration: 22:00
Cyber Security and the Obama Administration

Feb 28th, 2009
Duration: 16:38
The Hathaway Appointment

Feb 28th, 2009
Duration: 22:31
The Kaspersky Break-in

Feb 20th, 2009
Duration: 15:46