The Simple Things are Effective

It occurred to me while I was preparing to give a security briefing to a number of internal teams that fundamental security is not difficult. There are a number of simple activities or tasks that, if carried out correctly, will significantly reduce the potential for data loss, data breaches, security weaknesses and incidents. After a bit of scribbling in my book I boiled it down to ten things (or actually made it up to ten, as I originally only came up with seven, but every “list” needs to be either three, five or ten!). Many of them can even be driven by the individuals themselves rather than the organisations they work for; perhaps a version of BYOD called BYOS, or Bring Your Own Security. I think that in itself is a good topic for conversation!

Over the course of the next few weeks I will post each one (or two if they are related) of these activities, but in summary they are:

  1. Lock Leads
  2. Encryption
  3. Screen Privacy Filters
  4. Removable Media
  5. Collaboration Tools
  6. Mobile Devices
  7. Social Engineering
  8. Background Checks
  9. ID Badges
  10. Escalation & Education

I am sure there are more, and I have the feeling these posts will form the basis of a presentation later on in the year! However, the fundamental aspect of all of this is that basic security is not difficult. It doesn’t require spending thousands of pounds on DLP solutions, security guards and endpoint solutions (although they all help add layers of defence, of course); it just needs to focus initially on a few effective measures that can be implemented across an organisation quickly, easily and, in the grand scheme of things, at great value.

In the process of writing these up I hope to explore both their effectiveness and ease of use; I will also challenge some preconceptions, including my own, on the ease with which they can be implemented and, more importantly, adopted by individuals in a BYOS environment.


An Anatomy of a Risk Assessment

The video below is my presentation to the RANT forum in London on “An Anatomy of a Risk Assessment”. In it I give a personal view on the mechanics underlying a risk assessment or audit. It is not a highly technical approach, and is not meant to be; for that purpose there are plenty of books and guidance available elsewhere. Instead I take a more human approach to how to get the most out of an assessment, from both sides of the table. The slides are available at the link below, in Keynote, PDF and PowerPoint format, or can just be viewed through your browser. Presenter notes are there and are my original presentation ideas, and so therefore may not accurately reflect the presentation on the night!

http://bit.ly/wF3pKe

Technically, this was my first ever public speaking engagement of any note (I did a two minute session in the November RANT), and so I am scrutinising my performance significantly to ensure I can improve upon this presentation for reuse at other venues. If you attended, or indeed if you care to review the video below I would welcome your feedback. I must say though, having watched it a number of times now, I am very much painfully aware of my annoying personal tics, mannerisms and expressions of speech! Still, it was an immensely enjoyable experience and one I am looking forward to repeating at some point in the next twelve months.

The book I make reference to at 16:00 is The Leaders Workbook by Kai Roer (http://amzn.to/xm3dy2), an inspirational book, but only if you use it properly!


Under Construction… No Longer!

On the eve of my first real post for nearly a year, but a busy few months, this site is officially no longer under construction! There is more work to be done, namely About Me, Reading List and a few other pages I have in mind. They will come over time, but most important is the fact that I am now ready to contribute to the infosec ecosphere!

Bear with me while I transfer old content and add new content throughout this site. Trying to keep it simple and engaging!


The New Home of TandTSEC, the blog

Fairford Airshow 2011

I am in the early days of setting up this site as the formal blogging site of TandTSEC. It has been almost a year since I set up the original site, and after an initial flurry of blogs they dried up quite quickly. I have come a long way in my professional development since then, significantly catalysed during the RSA Europe conference last year.

Moving to this site will allow me to overcome one problem in particular, namely that of being able to update my blog from anywhere and on any of my mobile devices. My hope is that I will be able to post an update when the mood hits me rather than when I get back to my desk at home. Given the amount I find myself travelling, this was a problem!

I am also starting on the speaking circuit. I am in the middle of preparing my first presentation ready for delivery this coming Tuesday at the RANT forum in London. With that in mind I am challenging myself to come up with more frequent updates, opinions and thoughts to act as the “manure” for new presentations, articles, and hopefully a book!

Here is to a new chapter in my InfoSec career!


Whose RANT is it Anyway

A short presentation given at the last Acumin RANT of 2011. The purpose of the exercise was a short, two-minute presentation on a topic of your choice, but with slides unseen or changed.

Great fun, and on the back of this I agreed to do the first RANT presentation of 2012!