Upcoming Events
Oct
16
Thu
2014
18:45 October Meeting 2014: Configurat...
October Meeting 2014: Configurat...
Oct 16 @ 18:45 – 22:45
This month, we will be covering configuration management. Scott will be discussing maintaining an infrastructure with Puppet. The talk will cover what configuration management is, why automation is a good idea, how puppet works, an[...]
Nov
20
Thu
2014
18:45 November Meeting 2014: Vulnerabi...
November Meeting 2014: Vulnerabi...
Nov 20 @ 18:45 – 22:45
This month we will be having a presentation on using metasploit for fun and profit. Jim will be presenting on his recent metasploit training and will give us usage cases, a run through of the[...]
Dec
18
Thu
2014
18:45 December Meeting 2014: Annual So...
December Meeting 2014: Annual So...
Dec 18 @ 18:45 – 22:45
This month will be our annual social. A location has been selected already, easy to get to for pretty much eneryone. More details will be provided once I have gotten the venue booked. This will[...]

View Calendar

Interesting Links

Beautiful Security Cover

Beautiful Security is a collection of essays on security thought from a variety of industry leaders. The sixteen chapters of the book cover a surprisingly wide base of security domains making it worth reading just for the exposure to the wealth of ideas. The fact that the essays are intellectually entertaining is a bonus.

The best sections of this book are the places where some of my long held beliefs get challenged by the chapter author, particularly the issues involved with security in cloud computing. I still have a healthy skepticism for the claims of cloud service providers, but the concept that we will not get any better at securing abstracted compute environments until we start using them is correct. You do not become an expert at something until you invest a significant amount of time and practice into it, so how can we expect to secure these environments unless we use them?

Another surprise is the essay on law and infosec. This is not my first choice in reading topics but I have been exposed to other schools of thought over the years and typically enjoy them once I’ve realized that I’m ignoring useful information. This chapter is no exception. Although it is oriented towards U.S. law, the concepts and situations presented are quite interesting and do provide an alternative perspective for methodologies on rolling out a security strategy. Sometimes we forget that there is significantly more to the process than a technical solution.

In my opinion, this is a book worth reading as it generates questions about the way we approach information security. I would recommend it to anyone who wants to get a better understanding of and exposure to the thought processes that go into the information security industry.

Comments are closed.