A late start back to 2014

YEAR+IN+REVIEW1This time last year I posted a WordPress summary of my blog and stated I was going to focus on “growth” for 2013. Fortunately WordPress sent the same summary as last year and so I am very pleased to say that I have achieved that, certainly in regards to posts, content and followers.

It was a hugely busy year as regards me and this growth, with just some of the highlights including;

* Establishing Host Unknown alongside Andrew Agnes and Javvad Malik, and making a start in showing that security education really doesn’t have to be dull.
* The opportunity to be a mentor to Gavin Holt for the Rookie track at BSides. Gavin is an extremely talented and intelligent InfoSec professional and I was thrilled to have been able to help him present.
* The inaugral RANT conference and being able to play a part in the day for the lovely people at Acumin.
* Presenting at RSA Europe again.
* Getting involved with The Analogies Project, curated by the very talented Bruce Hallas,  in addition to being asked to be a regular contributor to the Iron Mountain Information Advantage blog.
* Winning Best Personal Security Blog at the inaugral European Security Bloggers Awards.

Combine the above (just the tip of the iceberg) with a dramatic increase in followers of the blog and of Twitter and an increase in the number of requests to present I am extremely pleased with 2013.

The word for 2014 therefore is “maintain”. Much as I would like to grow last years levels of activity it did cut into my day job quite considerably so I need to be a little more selective in my activities. That said, I have already presented at Securi-Tay3 in Dundee and have another one for the 451 Group in a few weeks. I will post something about Securi-Tay3 in a few days time when the videos have been published.

There are so many people to thank for the success of 2013, some of whom are mentioned above, but there are many others out there to whom I thank; I have very much been fortunate enough to stand on the shoulders of giants, allowing me to grow as a professional in the infosec field.

(View the full WordPress blog report here)

Moving forwards I have plenty of thoughts for content for this blog over the coming months so stay tuned for more details, and thank you for following me in 2013!

From Paris With Love; the oncoming storm of the generational gap

frompariswithlove_1The media has been awash with stories about Paris Brown, the UK’s first youth police and crime commissioner who felt she had no option to resign even before formally taking up her post as a result of allegedly offensive messages she had posted on Twitter.

To many, she had done nothing wrong; here was a teenager who was simply testing and pushing the boundaries of her adolescent world, sharing views and comments in her private life in an attempt to learn, identify with and grow into an adult. She had been chosen from a large number of candidates for this role precisely because she was typical of many of her peers, and her views of the world and the society she lived in, warts and all, were almost a requirement of the role in the first place.

To others, she was demonstrating vulgar and offensive sensibilities in a public domain that have no place in a role in public office. To that end Kent Police are currently reviewing the tweets in question so ascertain if a case should be made against her.

I believe this is going to be the thin end of the wedge, and that many more instances of issues like this will come through over the coming  years. This is going to have, in my opinion, a number of ramifications in our industry in a number of areas:

BYOD. The adoption of smartphones across society combined with bring your own device policies across industries has meant that the boundaries between personal and professional life are becoming increasingly blurred. This blurring means that people will increasingly lose the definition between what can and can’t be shared from the workplace which is going to become an issue. Sharing confidential documents via a BYOD enabled smartphone to personal accounts so they can be worked from home is not going to be seen as an issue; the content is on “my” device after all. Tweeting or blogging about activities from the workplace is increasingly the norm, even if those activities are confidential or secret. Even the acronym NSFW, not safe for work, has evolved to identify what content may or not be suitable for viewing and sharing in the workplace (how else can I get the time to view all of this awesome content?). As quickly as NSFW has come about I predict it’s demise as these boundaries crumble and fall and anything and everything will be considered as acceptable to view at work as long as it is on “my device”.

Privacy vs Personal.  There has been a growing trend amongst recruiters to look at the social media profiles of potential candidates. There is nothing illegal or unethical in this per se, although even standard police employment checks for the kind of role Paris Brown was entering into don’t specifically call out the need for social media checks/reviews. This is the dichotomy of the situation; how can I expect privacy when I do not observe it with my company data, and yet posting my weekends antics to my friends should remain with my friends, and yet this is the very real expectation it seems. How long will it be before this crashing realisation for a generation of people that what they have done in their adolescent years as they grew up really wasn’t just between friends but between the whole world, and put them at a distinct disadvantage in the job market? And will this realisation bring a raft of legislation along the lines of age discrimination, that disallows the use of this information during interview? There have already been cases of prospective employers in the US asking for Facebook credentials of candidates in order to check their backgrounds. Whilst this does cross moral, ethical and professional lines in many of our books, this is the inevitable alternative if this legislation doesn’t come in. As an infosec industry we will be on the front line of educating people of these consequences and potentially enforcing any incoming legislation in the workplace.

Professionalism in our Industry. But what about the here and now? As a profession we are held to a high standard of professional standards and ethics. All the organisations that we affiliate ourselves with to one extent or another have clear professional ethics. If during the recruitment process you have an opportunity to review somebodies social media background, would you take it? How would you use that information, and to what extent would a checkered social life influence your decisions? There are two sides to this of course; do your professional ethics stop you from looking (or just taking action from them), but then again would you want someone who appears to display a lack of self control and publicly put themselves into position of vulnerability that may allow them to be more easily bribed or blackmailed in an area that demands high levels of security and trust?

This generational gap in appreciation of the long lasting impacts of current social media in the world of big data is an area I believe is yet to be addressed fully. The sociological impacts of a series of younger generations engaging with an always on culture of social media are not yet fully understood and should be explored further. I hope the above is dipping a toe in the water of this huge body of water. Ultimately, if you are not paying for it, you are not the customer; you are the product…


TandTSEC is dead… Long Live ThomLangford!

@TandTSEC ~ @ThomLangford

For those of you who follow me on Twitter you may have seen a tweet from me stating my Twitter name is changing, from @TandTSEC to @ThomLangford and my web address from tandtsec.com to thomlangford.com. That change has been carried out earlier than planned for reasons beyond my control.

What it came down to was a matter of having to explain the background to TandTSEC a little too often, and to be honest, if you have to explain it then it subsequently loses impact and creates confusion. I have been on a mission to simplify my online residencies and this has resulted so far in a cleaner and easier to read blog interface, the use of thomlangford.com and finally the changing of my Twitter name.

If you were following me (and thank you for that!) on @TandTSEC you will not need to do anything as renaming an account does not unlink all of the Following and Follower data. You do have to remember my new Twitter name if you wish to tweet with me and I respectfully beg your forgiveness for that!

@TandTSEC and the related email account will still be active but will redirect people to the relevant ThomLangford accounts. There may also be a slight issue with the Tweet feed in this blog but I suspect they will ease out after a few days and/or posts.

Thanks for your understanding and continued support and following!