Wanna be responsible for IT security for an entire organization? Well here’s your chance! It looks like a great opportunity for a very experienced infosec professional interested in a managerial or business leadership position. The opportunity requires 15-20 years of experience in a security role and someone who knows network security architecture and infrastructure....
Read more »
I read an interesting article this morning over on InfosecIsland.com that discussed the security of using Skype in the enterprise. As expected it didn’t give us the magic “yes” or “no” but instead the typical “it depends.” Overall, I thought the author made a very good point in that we trust a lot of...
Read more »
Looks like a great job opportunity has turned up over at the NoVA Hackers Association’s facility host. I know several of the folks that work in their security department over there and it seems like a challenging and rewarding place to work. The Company ICF International (NASDAQ:ICFI) partners with government and commercial clients to...
Read more »
Last week I noticed NIST put out another draft infosec document that they need comments on. This time the publication that needs updated is SP 800-30, Guide for Conducting Risk Assessment, Revision 1. And updated it is in need of… NIST released the original version almost 10 years ago. Then it was known as...
Read more »
The OWASP – DC/MD Local Chapter infosec meetup event last week featured Rex Booth giving an introduction to OWASP, Matt Fisher looking at web risks and assessments, and a general discussion of BlackHat and DefCon. I wasn’t able to go but Rex has recently posted his notes from this session to the OWASP –...
Read more »
Here is some information regarding this week’s Wednesday OWASP – DC/MD Local Chapter infosec meetup event. Upon arriving please go to the 9th floor and sign in. Someone will escort you to the meeting location (room 8S026). If you are late and can not get in, please call (202) 270-8715.
Read more »
Rybolov from The Guerilla CISO, a local infosec NoVA-based blog, has put together a great blog post about NIST’s latest effort to modernize SP 800-30: Risk Management Guide for Information Systems. In his post he stresses how NIST should not change this document into a “catalog of controls gap analysis” process to favor compliance...
Read more »
Here is some information regarding this week’s Thursday ISSA – NoVA Chapter infosec meetup event.
Read more »
