Just over a week ago the good, the awesome and the rockstars of the European blogging scene gathered in the function room of the Prince of Teck pub in Earls Court for the inaugural European Security Blogger Awards of 2013. The atmosphere had a nervous tension and a strong feeling of anticipation (as well as a few bow ties for some other award going on immediately after that night!). These awards would not have happened if it wasn’t for two gentlemen in particular, namely Jack Daniel (@jack_daniel) and Brian Honan (@brianhonan), and without the sponsorship of Tenable (for the bar) and Qualys (for the trophies themselves). Both of them organised this off their own backs, were extremely gracious hosts and ultimately did this for the betterment of the European infosec community, and I wish to recognise that formally.
Thank you Jack and Brian, and to our sponsors.
But moving onto the awards themselves; after an initial round of blind nominations, the finalists were announced on Saturday 13th April and a no doubt frenzied bout of voting commenced, interspersed by all the finalists vying for your votes. My favourite had to be this one from Kai Roer (@kairoer), someone certainly not known for his modesty!
But aside from my evil twin shamelessly and quite rightly asking for votes (he has a great blog, check him out!) there were regular reminders and links from Brian and Jack to get voting and many retweets. I’m not sure how many votes were cast but I imagine they were well into the hundreds.
And so the night came, and after a day at Infosecurity Europe just over the road, and the practising of our “disappointed we didn’t win but SO happy for the winner” faces, it was down to Jack to announce the nominees and winner. They are listed below, but before that I want to move onto the tip I promised in the title…
Below are links to some of the smartest minds in our industry, and not only that, but they are willing to share their knowledge with you, for free. In any industry that is a rare gift to be given so I would like to encourage everyone who reads this to visit some of these blogs and follow them on Twitter, and also actively participate in the discussions, opinions and (dare I say it) thought leadership that is being presented. As a blogger myself I know the thrill of discussing a topic with someone, whether they agree with me or not. If you disagree with something that is being said, then politely and respectfully say so and put your point across. Even a simple message of support or a ‘Like’ means these people are going to be more likely to continue to blog and share their ideas with you in the future. And of course, if you think you can do better we would welcome you with open arms; this is not an exclusive club.
And so, without further ado, and a final thank you to Brian and Jack, here are the results of the European Security Blogger Awards 2013!
Best Corporate Security Blog
Malware Must Die
Sophos Naked Security Blog < WINNER!
F-Secure Labs Blog
SCRT Information Security
Security for UK Legal Professionals
Holistic Security Blog
Best Personal Security Blog
Chat Back Security
The Roer Information Security Blog
Make IT compliant – Security and Compliance
Thom Langford < WINNER!
Best EU Security Tweeter
@rik_ferguson < WINNER!
Grand Prix Prize for the Best Overall Security Blog
Sophos Naked Security Blog < WINNER!
Light Blue Touchpaper
Holistic Security Blog
Didier Steven’s Blog
If you made it this far you may have noticed I was very honoured and pleasantly surprised to have won Best Personal Security Blog, and against some real industry heavyweights too. My thanks to all of those that voted for me, it means the world to me.
I am just returning from a very full three days in west London for the annual infosec conference season. I will do my best to name as many of the wonderful people I met throughout all three days, both new and old, but if I miss a namecheck or two, forgive me, let me know, and I will rectify immediately!
Tuesday brought the kick off of InfoSec Europe. After a quick run round to get some schwag and chat with a few key vendors I had lunch with Cindy (@cindyv), Dwayne (@thatdwayne), Jitender (@jitenderarora), Javvad (@j4vv4d) and Brian (@brianhonan) to chat about RSA Europe and our proposed submissions. This was quickly followed by a couple of panels in the Keynote theatre (one moderated by Javvad) and then some good gossiping with Brian and Neira (@neirajones) before heading off to one of the two award ceremonies of the night.
It was at this point the evening took a somewhat surreal turn. Having been nominated for Best Personal Security Blog at the inaugural European Security Bloggers Awards, I was both deeply honoured and supremely surprised to win! I was also very proud to see Javvad pick up two awards as well. To say that the evening started to blur somewhat from that point on would be an understatement, but I am glad to say that the award itself did make it home safely. I did spend quite some time talking with Dwayne and Jack (@jackdaniel), predominantly about the misogyny that still manages to find its way into infosec trade shows through booth babes that were supposedly banned from this year’s infosec show (looking at you ForeScout…) and then about possibly spinning up a BSides in India. Jack proved what a class act he was by offering to advise anyone who would be willing to take on this mantle in India, something I am hoping to encourage. I will be posting more on the awards in the next few days but suffice it to say a huge thank you to Brian and Jack for making these awards happen.
Wednesday brought BSidesLondon. Whilst I was very disappointed not to have been able to speak, it did take the pressure off considerably and I was able to enjoy a few good talks (Javvad and Stephen Bonner, @stephenbonner) and some great conversations with friends and colleagues. Max (@hoolers) if you are reading this, I apologise unreservedly for not getting around to having the chat I promised! I also managed to meet my “rookie” for the Rookie Track, Gavin (@gavinholt), as well as a great chat with Leron (@le_rond). Halfway through the afternoon I had to head back to InfoSec for a panel I was a part of on BYOD and Consumerisation. This went very well, was entertaining and informative in my opinion, and despite two attempts at distracting me by Geordie Stewart and Andrew (@sirjester) completed without incident!
A quick visit to the RANT forum (@rantforum) was followed by a couple of drinks at the BSidesLondon after party and then an early night.
Thursday brought a couple of early meetings, including one with Bruce to discuss the Analogies Project (@analogies), which is always a pleasure. I then formally went on vacation…
The rest of the day was taken up with filming for a project I am involved in with Javvad, Andrew and the very talented Jim (@jimshields) of Twist & Shout. More of that to follow in the coming few weeks but I am incredibly excited at what this project may bring not just to me personally but also to the infosec community as a whole (for instance, a sense of humour…).
After dinner with @secwonk, @gattaca, @turbodog, @anthonymfreed, Cindy, Javvad and Andrew, a weary but very satisfied Mr Langford returned home.
- Winning the Best Personal Security Blog Award
- Thursday afternoon (see above)
- ForeScout’s apparent admittance that they needed booth babes to help sell their product
- Missing Gavin’s presentation because of a scheduling conflict
- Not finding myself spoilt for choice for presentations to attend at BSides – I thought the choice was predominantly technical and not as broad as last year. Still a great conference, well run and with a huge amount of talent; just less applicable to me this year.
This is a picture taken in Starbucks, just a few minutes ago. Can you guess what’s missing?
Why the owner felt it was a good idea to go to the toilet (while carefully taking his iPhone with him, because otherwise it might get stolen!), leaving his laptop in a busy room where it could be easily removed is beyond me. It was made worse because when I peeked around the screen, it was also not screen locked.
With so much noise and argument going around the infosec community at the moment around security awareness, the lazy conclusion would be that all users are idiots and need their hand holding all the time before they hurt themselves with their private data. Of course it is never that simple, but it is no less infuriating to see this kind of attitude in practice. Where do we go from here in trying to avoid these situations?
I have a colleague who likes to highlight that we should consider our laptops and tablets and other various devices as “bathroom buddies”. I didn’t like this term at first (my knee-jerk reaction against the American use of the term bathroom), but it really does make sense. When in a public place such as a cafe, train etc and you need the toilet or a break, take your equipment with you! It is a simple alliterated phrase that sticks in the mind, makes you smile and therefore might actually make someone change their behaviour.
On the subject of humour, there was an XKCD cartoon very recently that summed this up perfectly.
The point is that this individual who left himself logged in could have had untold damage done to his personal and professional reputation if I was so inclined. Facebook posts, Tweets, work emails, Amazon orders etc could all potentially have caused him grief. Sure, after the fact he could probably “tidy up” the mess, but why put yourself in this position?
In the security awareness debates, system design is often touted as the way ahead, and in actual fact I think this may have come to the aid of our hapless coffee drinker, if he was lucky. The laptop itself looks like a new MacBook Pro, possibly a Retina given the new style charger. That would mean he would be running Lion or Mountain Lion, which means FileVault is installed, although not enabled by default. If it was enabled and I ran out of the cafe with his laptop, chances are that when I sat down at the nearest park bench to check my prize the laptop would have locked and required a password. There is a good chance there that his data would be secure and encrypted. The same would be true if it was a Windows 7 or 8 laptop. The problem here though is that the key phrase above is “not enabled by default”. It’s great that these operating systems now come with encryption built in, but there aren’t even annoying prompts, a la Microsoft’s warning that I don’t have an anti-virus program installed; it is left entirely to the user to be educated and security savvy enough to enable it. I have joked on this blog before that encryption today is at the same level anti-virus was at twenty years ago (Dr Solomon’s anyone?). Today, I would wager virtually everyone knows about anti-virus, and in fact it is often bundled and enabled by default on new laptops. (I am not going to take this opportunity to talk about the efficacy of anti-virus as an endpoint protector!). When will encryption become such a commodity that you are an oddity if you don’t have it?
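Since the whole point above is that nothing tells the user whether FileVault and the screen lock are actually on, here is an added example (my own, not from the original post) of a small shell audit that answers exactly those two questions on a Mac of the Lion/Mountain Lion era. It assumes `fdesetup status` prints “FileVault is On.” or “FileVault is Off.”, and that `defaults read com.apple.screensaver askForPassword` prints 1 when a password is required on wake; the parsing is kept in separate functions so the verdict can be checked with constructed output on any machine.

```shell
# Parses the text that `fdesetup status` prints on macOS and returns 0 when
# full-disk encryption is on, 1 otherwise.
# Assumption: the output contains "FileVault is On." or "FileVault is Off.".
filevault_enabled() {
  case "$1" in
    *"FileVault is On"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Interprets the value of com.apple.screensaver askForPassword.
# Assumption: the value is 1 when the Mac asks for a password on wake.
screen_lock_enabled() {
  [ "$1" = "1" ]
}

# Combines the two parsed facts into a one-line verdict, so the logic can be
# exercised with constructed strings rather than a live Mac.
laptop_verdict() {
  fv_out="$1"; lock_val="$2"
  if filevault_enabled "$fv_out" && screen_lock_enabled "$lock_val"; then
    echo "ok: disk encrypted and screen lock on"
  elif filevault_enabled "$fv_out"; then
    echo "warn: disk encrypted but screen lock off"
  else
    echo "fail: disk not encrypted"
  fi
}

# Only run the live check when the macOS tools are actually present.
if command -v fdesetup >/dev/null 2>&1; then
  fv="$(fdesetup status 2>/dev/null)"
  lock="$(defaults read com.apple.screensaver askForPassword 2>/dev/null)"
  laptop_verdict "$fv" "$lock"
fi
```

A “fail” here is the cafe scenario in the post: a stolen laptop whose disk can simply be read; “warn” is the logged-in, unlocked screen.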
This isn’t a particularly racy topic, but it is one that is played out every day in cafes around the world. As every teacher will tell you, when you get the fundamentals right, the rest will follow far more easily. This person really should have known better, but when will we be at a point that he wouldn’t have had to?
My thoughts and wishes are with all my friends, colleagues and acquaintances in Boston at the moment following the multiple explosions centred around the Boston Marathon. I hope you and your loved ones are all safe and accounted for.