The Podcast Roundtable

By Robyn Tippins I missed alot of winners.Thanks Irina for clueing me in!

With Martin McKeay, Jeremiah Owyang, and Dennis McDonald During this episode of The Podcast Roundtable we talk about: Gartner s latest hype cycle report (Martin comes down hard on Gartner; Dennis is not as negative) WalMart s targeting of young people with its own social networking application (herein we learn more about Jeremiah s sartorial preferences than is perhaps wise!) The recent court judgement against CleanFlicks, a service that offers rental of censored versions of movies on DVD (Dennis fulminates) India s efforts to shut down network support for blogs viewed as connected with terrorism (censorship again, but partly caused by a lack of selectivity in the initial restrictions) A downloadable MP3 of our session is here:

Tonight s guest is Rob Slade, author of the Dictionary of Information Security, his recently released book. Rob talks about the origin of his new book, how language is constantly changing, especially in Information Security and getting his book published. The last half of the podcast is listener feedback (please keep it coming!) and where I ve been, where I m going and what I m doing there. I forgot to add in the podcast, I m not going to BlackHat, but I am going to Linux World, with a press pass none the less. Maybe I can make BlackHat next year if I start planning now. Links from tonight: Rob Slade s Dictionary Errata Page: The link given in the show redirects slightly 6url.com Personal Public Email: Thanks, Dr. Hinson. I like this idea. Portable Media Expo: If you re going, drop me a line. I d like to meet as many people as possible at the Expo. StillSecure After All These Years: Alan Shimel and I discuss blogging for a few minutes. We talk about me a little too. Threat Chaos: Richard Steinnon wanted to know my opinions security in the world today. Coming up next week, the Security Wonk, security blogger and professional. I ve already recorded the interview, so barring catastrophe, it ll be up next week. Network Security Podcast, Episode 37, August 1st, 2006 Time: 28:17 Tonight s Music: Allison Crowe - How Long Technorati Tags: security, Rob Slade, 6url, StillSecure

This week I talked to Ravi Ganesan, founder of TriCipher. He fills me in on some of what s been happening with Man in the Middle attacks against two-factor authentication used by banks and financial institutions. It sounds like this is a fairly small issue right now, but it could quickly grow in the near future. Ravi is clearly an expert on authentication solutions and gives some hints about where security professionals need to be looking in the future. I also take a few minutes to talk about some changes that may be happening to the PCI standards in the near future, the concept of compensating controls. By the way, I mistakenly called Ravi the CEO in the podcast, sorry for the mistake. I m not a CSO either, so I figure that makes us even. Network Security Podcast, Episode 36, July 25th, 2006 Time: 45:27 Tonight s Music: Shemekia Copeland - Breakin Out Technorati Tags: security, podcast, Man in the Middle attack

Note to self, don t schedule interview before the second cup of coffe. This past Sunday morning I had a chance to talk to Brian Contos from ArcSight, who has a book coming out next month, Enemy at the Water Cooler: True Stories of Insider Threats and Countrmeasures. Brian has a lot of great stories and experience dealing with the insider threat in the real world, which he s more than willing to share with us. There s a lot more Brian has to share, so we ll very likely be hearing from him again in the near future. It ended up being a long interview, but I hope you get as much out of our conversation as I did. Network Security Podcast, Episode 35, July 18th, 2006 Time: 51:20 Tonight s Music: Michael Burks - Heartless from Alligator Records Technorati Tags: security, insider threat, Brian Contos

It s back to being just me on the podcast, at least for tonight. I was supposed to have a special guest on the show tonight, but he had to back out due to other commitments. You ll have to listen to the podcast to find out who it was going to be. I hope I ll still be able to interview him in the near future. But I m learning not to count my interviews before they re recorded. Vacation was a lot of fun, and you can find an expanding set of photos on my Flickr account. Thanks to Mike Farnum and Steve Murawski for pointing me to Sudo for Windows. Network Security Podcast, Episode 34, July 11, 2006 Time: 29:14 ADP lost 125,000 records to a social engineering hack FBI wants more wire-tapping capabilities Bruce Schneier on: Brennan Center Report on Security of Voting Systems Terrorists, Data Mining and the Base Rate Fallacy Retailers fail to pass security test Tonight s music: Stop Watching Your Enemies by Koko Taylor Technorati Tags: security, government, PCI Technorati Tags: security, government, PCI

This is probably going to be the earliest I ll ever release an episode of the podcast. I m going on vacation tomorrow morning, so I wanted to make sure the podcast was up and available. There won t be a podcast next week, but the podcast after that will be exciting. I haven t recorded that interview yet, so I m not telling who it is yet. Just rest assured, you ll understand why I m excited when you hear the guest. This week s guest was Jeff Stanton, professor at Syracuse University and co-author of The Visible Employee. Dr. Stanton s book looks into the realm of employee monitoring, examining employee attitudes, management viewpoints and the technology involved. Having run an employee monitoring program before, I was extremely interested in hearing how other IT professionals feel about being made responsible for watching their fellow employees. Employee monitoring is something that has to be handled very carefully to protect the business while not intruding on the employee s right to privacy. And a lot of businesses haven t really taken the necessary time to do it right. Network Security Podcast, Episode 33, June 27, 2006 Time: 33:42 Tonight s music: Osho Mask by Aaron Wilkinson Technorati Tags: security, privacy, employee monitoring