Upcoming Events
18:45 August Meeting 2014: System Moni...
August Meeting 2014: System Moni...
Aug 21 @ 18:45 – 22:45
This month, we will be covering system monitoring. Andrea will be discussing monitoring a development environment utilizing zabbix. The talk will cover zabbix features,  why monitoring is good, selecting what to monitor, how zabbix works[...]
18:45 September Meeting 2014: Afforda...
September Meeting 2014: Afforda...
Sep 18 @ 18:45 – 22:45
This month, Scott and Jim will be talking about experiences with affordable storage appliances, concentrating on the Synology units from the basic 2 disk up to mid-size business units such as the rackstation devices. The[...]
18:45 October Meeting 2014: Configurat...
October Meeting 2014: Configurat...
Oct 16 @ 18:45 – 22:45
This month, we will be covering configuration management. Scott will be discussing maintaining an infrastructure with Puppet. The talk will cover what configuration management is, why automation is a good idea, how puppet works, an[...]
18:45 November Meeting 2014: Vulnerabi...
November Meeting 2014: Vulnerabi...
Nov 20 @ 18:45 – 22:45
This month we will be having a presentation on using metasploit for fun and profit. Jim will be presenting on his recent metasploit training and will give us usage cases, a run through of the[...]
18:45 December Meeting 2014: Annual So...
December Meeting 2014: Annual So...
Dec 18 @ 18:45 – 22:45
This month will be our annual social. A location has been selected already, easy to get to for pretty much eneryone. More details will be provided once I have gotten the venue booked. This will[...]

View Calendar

Interesting Links
O'Reilly Velocity 2014

Beautiful Security Cover

Beautiful Security is a collection of essays on security thought from a variety of industry leaders. The sixteen chapters of the book cover a surprisingly wide base of security domains making it worth reading just for the exposure to the wealth of ideas. The fact that the essays are intellectually entertaining is a bonus.

The best sections of this book are the places where some of my long held beliefs get challenged by the chapter author, particularly the issues involved with security in cloud computing. I still have a healthy skepticism for the claims of cloud service providers, but the concept that we will not get any better at securing abstracted compute environments until we start using them is correct. You do not become an expert at something until you invest a significant amount of time and practice into it, so how can we expect to secure these environments unless we use them?

Another surprise is the essay on law and infosec. This is not my first choice in reading topics but I have been exposed to other schools of thought over the years and typically enjoy them once I’ve realized that I’m ignoring useful information. This chapter is no exception. Although it is oriented towards U.S. law, the concepts and situations presented are quite interesting and do provide an alternative perspective for methodologies on rolling out a security strategy. Sometimes we forget that there is significantly more to the process than a technical solution.

In my opinion, this is a book worth reading as it generates questions about the way we approach information security. I would recommend it to anyone who wants to get a better understanding of and exposure to the thought processes that go into the information security industry.

Comments are closed.