Why I am an Analogies Project contributor

That devilishly handsome bloke you see to the right is Bruce Hallas. I used to go to school with him nearly 25 years ago, and then last summer, at the first old boys school reunion that our year organised since leaving I met him again, and it turns out we are in the same infosec business. I spoke to him about all of the good work I am doing, the company I work for, the many countries I visited and generally tried to make myself feel more important than the skinny eighteen year old I was when I last saw him. He told me that he runs his own infosec consultancy, his own blog, works with the UK government, and was in the process of setting up “a project” as a freely available, self funding, resource of analogies/stories to help people better understand information security. (Bruce immediately won the “my life is awesome since leaving school” competition of course.)

Since that time, The Analogies Project has grown from one man, an idea and a website to something producing real, quality content, and with a very promising and bright future.

In the words of the Project itself:

The Analogies Project has a clear mission. To tackle the unintelligibility of information security head on and secure the engagement of a much broader audience. Its aim is to bridge the chasm between the users, stakeholders and beneficiaries of information security and those responsible for delivering it.

Through a series of innovative initiatives the Analogies Project will enable information security professionals to effectively communicate with their chosen audiences. The content will be delivered through a variety of alternative communication techniques, media and partners.

The part of this project that I like the most is that it is essentially a community project. Bruce isn’t charging money for membership to the analogies as they are written (and they are coming thick and fast now!), and none of the contributors are charging for their work either. There are not only the web contributions in the form of a library, but a book planned, a conference, and even an opera! With the momentum that is currently behind the project at the moment there is every reason to believe in its future success.

So why am I contributing? Honestly, I have selfish and philanthropic reasons to do so. Obviously it gets my name out there, allows me to practise my writing, test some ideas and also say “I was there from the start”. All that aside though, I have frequently struggled in my day job to get infosec concepts across to people, either directly, in meetings or even in awareness training. To have had a resource like this available to me five years ago would have made my life so much easier, allowed me to advance the infosec “cause” more effectively and given me a set of tools I knew were consistent with the prevailing thoughts of industry commentators. Having a centralised, peer validated, toolkit available is fundamental to us as professionals when it comes to the messaging we give to our users, clients, bosses, teams and even the infosec community as a whole.

It’s still early days, but I have submitted my first contribution just last week (soon to be published I hope) and I am already inspired enough to be working on my second and third. There are a number of analogies already in place, and I would urge you to read them and consider them in the context of your current communications to your audiences, whomever they may be. The book will be another important milestone and one I hope to play a part in; indeed I hope to be able to play a part in the project for the foreseeable future, and why I am happy and proud to display my “contributor” badge up on the top right of this site.

If you feel you have something to contribute, then head over to The Analogies Project and let Bruce and the organisers know. If you don’t feel ready to, then certainly check it out anyway. You won’t regret it.


One Award, Two Conferences and a Surprise in the Works

I am just returning from a very full three days in west London for the annual infosec conference season. I will do my best to name as many of the wonderful people I met throughout all three days, both new and old, but if I miss a namecheck or two, forgive me, let me know, and I will rectify immediately!

Tuesday brought the kick off of InfoSec Europe. After a quick run round to get some schwag and chat with a few key vendors I had lunch with Cindy (@cindyv), Dwayne (@thatdwayne), Jitender (@jitenderarora), Javvad (@j4vv4d) and Brian (@brianhonan) to chat about RSA Europe and our proposed submissions. This was quickly followed by a couple of panels in the Keynote theatre (one moderated by Javvad) and then some good gossiping with Brian and Neira (@neirajones) before heading off to one of the two award ceremonies of the night.

Well goodness, gosh and golly!

It was at this point the evening took a somewhat surreal turn. Having been nominated for Best Personal Security Blog at the inaugural European Security Bloggers Awards, I was both deeply honoured and supremely surprised to win! I was also very proud to see Javvad pick up two awards as well. To say that the evening started to blur somewhat from that point on would be an understatement, but I am glad to say that the award itself did make it home safely. I did spend quite some time talking with Dwayne and Jack (@jackdaniel), predominantly about the misogyny that still manages to find its way into infosec trade shows through booth babes that were supposedly banned from this year’s infosec show (looking at you ForeScout…) and then about possibly spinning up a BSides in India. Jack proved what a class act he was by offering to advise anyone who would be willing to take on this mantle in India, something I am hoping to encourage. I will be posting more on the awards in the next few days but suffice to say a huge thank you to Brian and Jack for making these awards happen.

Wednesday brought BSidesLondon. Whilst I was very disappointed not to have been able to speak it did take the pressure off considerably and I was able to enjoy a few good talks (Javvad and Stephen Bonner, @stephenbonner) and some great conversations with friends and colleagues. Max (@hoolers) if you are reading this, I apologise unreservedly for not getting around to having the chat I promised! I also managed to meet my “rookie” for the Rookie Track, Gavin (@gavinholt), as well as a great chat with Leron (@le_rond). Halfway through the afternoon I had to head back to InfoSec for a panel I was a part of on BYOD and Consumerisation. This went very well, was entertaining and informative in my opinion, and despite two attempts at distracting me by Geordie Stewart and Andrew (@sirjester) completed without incident!

Javvad and his heroes

View from the panel

A quick visit to the RANT forum (@rantforum) was followed by a couple of drinks at the BSidesLondon after party and then an early night.

Thursday brought a couple of early meetings including Bruce to discuss the Analogies Project (@analogies) which is always a pleasure. I then formally went on vacation…

The rest of the day was taken up with filming for a project I am involved in with Javvad, Andrew and the very talented Jim (@jimshields) of Twist & Shout. More of that to follow in the coming few weeks but I am incredibly excited at what this project may bring not just to me personally but also to the infosec community as a whole (for instance, a sense of humour…).

After dinner with @secwonk, @gattaca, @turbodog, @anthonymfreed, Cindy, Javvad and Andrew, a weary but very satisfied Mr Langford returned home.

Highlights

  • Winning the Best Personal Security Blog Award
  • Thursday afternoon (see above)
  • ForeScout’s apparent admittance that they needed booth babes to help sell their product

Lowlights

  • Missing Gavin’s presentation because of a scheduling conflict
  • Not finding myself spoilt for choice for presentations to attend at BSides – I thought the choice was predominantly technical and not as broad as last year. Still a great conference, well run and with a huge amount of talent; just less applicable to me this year.

10 Rules of Risk Management… In 10 Movie Quotes

I had an absolute blast last night presenting at the Acumin RANT forum (https://www.rantforum.com) on the topic of “10 Rules of Risk Management… In 10 Movie Quotes”. The premise was simple – people don’t remember rules or dull facts, but they do remember things that emotionally touch them in some way. Each quote and movie opened up a conversation on an aspect of risk management (although the term “rule” was a little inaccurate of course). Given it was the RANT forum, and I was competing for the attention of the audience against the allure of a free bar, there was plenty of opinion and discussion flowing around the room throughout. Hopefully a few of the points I was trying to make will have stuck as a result of quotes such as “You’re gonna need a bigger boat” or “I see dead people”.

I felt the audience engaged and participated throughout with lots of very verbal agreement and disagreement throughout, and it was exciting to be right at the centre of the maelstrom. If you have never been to a RANT before just imagine one person being surrounded by a large number of people only a few feet away; with your back to the projector screen, there is no lectern to hide behind and no stage to stand on. It’s do or die, and a #Fail never far from your thoughts!

Not everyone agreed with the points I was making of course but that just generated further conversation. I had some excellent follow up conversations with a number of people, including a great idea for my next presentation which I stated up front I might shamelessly steal – I think I got his agreement that doing so was OK! I had some very positive feedback afterwards as well for which I am very appreciative; if you are reading this and want to provide more feedback, of both kinds, then please do. Without wishing to sound too “new age”, feedback is a gift you can give someone that will allow them to grow and improve. Without it we continue to make mistakes and miss the opportunity to learn.

Gemma (from Acumin) and I tried something new this time as well, filming the presentation with two cameras. It will take me a few days to splice the footage together, but as soon as it is done I will have it posted here. I know some of those who attended were interested in both reviewing and sharing the footage, as well as the slides; these are below, as well as a slideshow of the deck. I use Keynote for my presentations, so the PowerPoint conversion is never a true representation. If in doubt, use the PDF. Someone mentioned last night that they may want to link to the content here too. I have no objections to this, just credit me and don’t muck about with the content!

My thanks to Acumin for hosting the evening, and thank you to all of you who took part, especially the very lucky prize winners! (If you wanted a pen but didn’t get one let me know and I will do my best to send one to you).

Files for download:

PDF – 10 Rules of Risk Management

PPT – 10 Rules of Risk Management

Keynote – 10 Rules of Risk Management (native)

Movie from the evening – Coming Soon


The New Home of TandTSEC, the blog

I am in the early days of setting up this site as the formal blogging site of TandTSEC. It has been almost a year since I set up the original site, and after an initial flurry of blogs they dried up quite quickly. I have come a long way in my professional development since then, significantly catalysed during the RSA Europe conference last year.

Moving to this site will allow me to overcome one problem in particular, namely that of being able to update my blog from anywhere and on any of my mobile devices. My hope is that I will be able to post an update when the mood hits me rather than when I get back to my desk at home. Given the amount I find myself traveling this was a problem!

I am also starting on the speaking circuit. I am in the middle of preparing my first presentation ready for delivery this coming Tuesday at the RANT forum in London. With that in mind I am challenging myself to come up with more frequent updates, opinions and thoughts to act as the “manure” for new presentations, articles, and hopefully a book!

Here is to a new chapter in my InfoSec career!