Announcements, Presentations and Work!

Leave a comment
Banyan tree, Bangalore, India

Banyan tree, Bangalore, India

It has been an incredibly busy five weeks since 44CON, with a lot of travel, projects coming to fruition, conference talks and preparation as well as more writing than is reflected in this blog.

I have spent three weeks (over two trips) in India carrying out five security risk assessments and hosting one three day client visit, and all I can say is that my India based colleagues continue to impress and amaze me with their knowledge, analytical skills and above all friendliness. I had the good fortune to spend some time with them at a team outing, discovered a mutual friend in London and also hit the dancefloor with them (if you have never danced in an Indian nightclub, you haven’t really danced!).

I was also able to spend an evening with the lovely folks of the Delhi chapter of NULL in Noida, and had a great couple of presentations (WAF and compliance) as well as an engaging conversation on interviewing in the infosec world. I had struggled for the last couple of years to find good conferences and forums in India, but apparently I missed an incredibly vibrant and widespread community. I’m glad to ay that is no more the case and I look forward to attending more in the future (along with my India based colleagues). On my return I attended the IT Security Forum and spoke on “Throwing Shapes for Better Security Risk Management” covering three ways to manage your security programmes more effectively.

A project I have been working on with my good friends and colleagues @sirjester and @j4vv4d finally came to fruition with the help of @jimshout, called Host Unknown. I am extremely proud of this project and we have spent many hours agonising over the details, honing the performances and getting website, YouTube and social media coordinated; in fact it was a lot more work than we expected! There is so much more in the pipeline, and if you would like more information please contact us, I promise you will only be mildly disappointed! (I am also legally obliged to point out that it was all my idea, despite what some of you may have heard.)

My other piece of news is that I have been asked to be a guest blogger for Iron Mountain, something I am absolutely thrilled by! I have already posted my first article, and I am looking forward to writing many more. As someone who can often struggles to  get down to the process of actually writing int he first place, (once I am started I seem to be OK!) I see this another incentive to flex that particular creative muscle more frequently, as well as getting used to writing on specific subjects, somewhat to order. I will of course be cross posting back to this blog, but I would encourage you all to head over and see what they have to say. My particular favourite is @christiantoon who is certainly one of the more prolific writer on the site (and a great guy to boot!).

It’s the RSA Europe conference next week, and I have been busy preparing my presentation “Playing the Game of Thrones: ensuring the CISO role at the King’s Table”. While there is an element of content that I have covered in other presentations before, this is nonetheless a new presentation with plenty of new content, somewhat more research based (although by no means academic) and very much pushing me out of my comfort zone. That said I think it is going to be a strong presentation which should generate some good discussion; here’s a podcast where I explain what I am going to be talking about, and I will of course be covering the conference in my next blog.

With all of this going on I haven’t been able to post as regularly as I would have liked, but I am building up a great stash of content that should see us through the winter months. Winter is coming after all!

 

The ISSA-UK and why I like them

Leave a comment

I have always had a soft spot for the ISSA-UK; ISACA and (ISC)2 are all very well (and have a slightly different  value offering what with their examinations and credentials), so the ISSA have sometimes in my opinion been compared alongside them somewhat unfairly. I like them for a number of reasons:

  1. Great value for money – at less than £100 per year and with a considerably higher number of events per year (at least in London) than (ISC)2 and ISACA, that’s a lot of potential CPE’s.
  2. Quality of speakers; I am biased (having now become an ISSA-UK speaker), but I have always been impressed with the quality of speakers. The highlight for me of the last 12 months for instance was Bill Hagestad  when he spoke about the Chinese cyber threat.
  3. Awesome people and networking; I am constantly meeting great people and having great conversations with them, infosec related and otherwise. Just tonight I made tentative arrangements to do a talk alongside someone else, discussed a high profile speakers apparent downfall (always useful for the future when the inevitable happens to oneself) and “connected” with a number of highly intelligent and rightly opinionated people.

Overall I think of them as having the least of an agenda with no exams to sell or certifications fees to maintain, and this is why it puts them at the top of my list.

Telling it like it is apparently

Telling it like it is apparently

Last nights talks were very similar to the Bristol one of a few weeks ago in that Richard Hollis presented on Deep Threat – Top 10 Lessons to Learn from the Online Adult Entertainment Industry, and I did my UFO’s, Dirty Dancing and Exploding Helicopters, a Hollywood guide to risk management presentation again. The final presentation was by Adrian Wright, ISSA-UK VP of Projects on Securing The ‘Internet of Things’ – Implications and Key Questions. 

I have to apologise to Adrian as I overran on my presentation putting the pressure on him to be as succinct as possible. Running over time is rightfully seen as something of a cardinal sin for a presenter, but in my mitigation it was because of the level of interaction from audience was just brilliant, and we got a good number of opinions across all of the topics put forward.

I have commented on Richard’s excellent presentation from when he gave it in Bristol, but Adrian’s I had not seen before. It was utterly fascinating and presented (as expected) very well by Adrian. What struck me the most was that the adoption of new technology is just increasing in speed over time almost exponentially. What this means for the internet of things is that before we know it, literally in the next few years, we will see a massive shift in how we consume food, control our homes and even park our cars. Only time will tell, but in this case, not a lot of time.

A great evening as usual and my tanks go to Gabe Chomic (@infoseccrow) for the invitation.

The presentation from the night is here in PDF and native Keynote, and as always if anyone would like to continue to conversation with me you know the usual channels!

TandTSEC is dead… Long Live ThomLangford!

1 Comment

@TandTSEC ~ @ThomLangford

For those of you who follow me on Twitter you may have seen a tweet from me stating my Twitter name is changing, from @TandTSEC to @ThomLangford and my web address from tandtsec.com to thomlangford.com. That change has been carried out earlier than planned for reasons beyond my control.

What it came down to was a matter of having to explain the background to TandTSEC a little too often, and to be honest, if you have to explain it then it subsequently loses impact and creates confusion. I have been on a mission to simplify my online residencies and this has resulted so far in a cleaner and easier to read blog interface, the use of thomlangford.com and finally the changing of my Twitter name.

If you were following me (and thank you for that!) on @TandTSEC you will not need to do anything as renaming an account does not unlink all of the Following and Follower data. You do have to remember my new Twitter name if you wish to tweet with me and I respectfully beg your forgiveness for that!

@TandTSEC and the related email account will still be active but will redirect people to the relevant ThomLangford accounts. There may also be a slight issue with the Tweet feed in this blog but I suspect they will ease out after a few days and/or posts.

Thanks for your understanding and continued support and following!

Changing Appearances

Leave a comment

I have had to change the theme on this blog again unfortunately because the last theme was not supporting mobile devices very well. Given how much I use my iPad in the normal course of the day to check up on other peoples blogs I realised this was going to be an issue. I sincerely hope this is going to be the last change for at least six months (when I will be unveiling a more coordinated approach to my blog, presentations and the like).

I hope you find the change easier on your iPad.