Who needs coffee when you have the best of this week’s local security bloggers at your fingertips?

The featured blog post by Richard Bejtlich is sure to give you a jolt that’s espresso-worthy as he bashes the ISC’s take on incident response verses incident handling, and our favorite v-blogger Marcus J. Carey will have you seeing (and maybe even singing) the ‘grapevine’ in a whole new way.

#3 – Don’t Trust the Grapevine: In his typical style, Marcus J. Carey opened his v-blog post “Heard It Through The Grapevine” with a real-life object/scenario (in this case, Marvin Gaye), and told his audience how it applies to security. It turns out that Gaye’s “Grapevine” has some hidden truths for security professionals about how to best deal with vendors. Drawing from the famous “Grapevine” lines, “people say believe half of what you see, son, and none of what you hear,” Marcus says the same should go for vendors: While they might show you a shiny new program that works perfectly on their network or equipment, there’s no guarantee that it’s going to work on yours. Our advice? Take the ‘bake sale’ approach; pick the top three technologies you’re considering, ask for demos, set those demos up, and see how they actually work on your network and your equipment. But don’t just believe “what you hear;” be sure to watch the post for yourself. 

#2 – Ready, Set, Enumerate: In his post “Maltego Part II – Infrastructure Enumeration,” Chris Gates (on the Ethical Hacker Network) discusses Infrastructure Footprinting, which he says is “essential for identifying possible systems for remote attacks.” While Gates has a lot of great text about how to successful carry out Infrastructure Footprinting, it’s the detailed screenshots that accompany the text that make this article worth the read. While it’s always nice to have clear instructions on how to do something, pictures are always a definite plus (especially for those of us who are visual learners). But before you read Part II of Gate’s post, you might want to check out “Maltego Part I – Intro and Personal Recon” for background information.

#1 – ISC Smack Down: Okay, so it’s really more of a ‘bashing,’ or a ‘difference of opinion.’ But no matter what you call it, we like it; it’s nice to see strong opinions now and again. And in his post “Speaking of Incident Response,” Richard Bejtlich certainly has a difference of opinion when it comes to a recent article published by the ISC entitled “Incident Response vs. Incident Handling.” Bejtlich disagrees with the part of the ISC article that states “Incident Response is all of the technical components required in order to analyze and contain an incident,” and “Incident Handling is the logistics, communications, coordination, and planning functions needed in order to resolve an incident in a calm and efficient manner.” According to Bejtlich, “[t]hat’s not right, and never was.” While Bejtlich tried pointing this out to the ISC moderators, he didn’t get very far. If you’d like to learn more about the real definitions of Incident Response and Incident Handling, you can check out Bejtlich’s article here.

Well, all good things come to and end, and so does these posts. But no worries: We’ll be back next week to make sure that your Monday starts of with something a little more interesting than the pile of work in your inbox.

If you think that we missed a post that should have been in our top 3, be sure to leave a comment below or send us a tweet @grecs.

###

It’s not too late! If you’re looking to get back to the heart of security basics, SANS has the perfect event for you in the form of their Application Security Workshop — What Works? workshop on April 29th. The workshop will cover the best ways to counter common attacks through general know-how, products, services, and configurations. If you’re interested, visit the SANS section of our Help Us Help You page to sign up for this workshop.

NoVA Blogger rybolov was on a role this week as he took two of the slots for our “Top NoVA Infosec Blog Posts of the Week” feature. Richard Bejtlich also made our list again with an interesting response to the 60 Minutes Story: “The Internet Is Infected.”

While the three posts below are all very interesting, one of them was written on April Fool’s day. See if you can guess which one it is from our descriptions and then check the posts out for yourself to see if you guessed correctly.

We’re always looking for great blogs by local infosec bloggers to consider for this feature, so if you know of one, please feel free to comment below or send us a tweet @grecs. You can also check out what other local infosec bloggers have to offer on our Infosec Blogs/Podcasts resource page.

#3 – Fortify to Save Security: Known as “the guys with the cool FUD movie about how code scanning is going to save the world,” according to rybolov, he had a lot to say about why Fortify is good, and why it needs improvement. Rybolov’s biggest problem with Fortify? “Fortify has been trying to step up to the Government feed trough over the past year or so.  In a rare moment of being touch-feely intuitive, from their marketing I get the feeling that Fortify is a bunch of Silicon Valley technologists who think they know what’s best for DC–digital carpetbagging.” And that’s just the beginning of the post. You can read the rest of Rybolov’s commentary about Fortify and what they are—and aren’t—doing to “fix” the government security problem on the The Guerilla CISO blog.

#2  – Obama’s Cybersecurity Plan Revealed: Well, sort of anyways. According to rybolov, an undisclosed source deep inside the 60-day cybersecurity review gave him the information that he wrote about in his post. The highlights? FISMA is failing, the Payment Card Industry standards do work, there is a cheaper way to meet PCI-DSS standards, and Scanless PCI can reduce the audit burden. Rybolov also contacted the NIST’s Computer Security Resource Center and got what he called an “unofficial opinon” about what the Obama administration is trying to do with cybersecurity. If nothing else, you should read the post for the “unofficial opinion;” it’s hilarious stuff.

# 1 – The Public is Infected: Okay, so maybe the public isn’t “infected,” in the typical sense of the word, but it is “infected” with incorrect knowledge about the internet. While a recent special report by 60 Minutes entitled —what else—“The Internet is Infected” helped raise public awareness about security issues, it also propagated incorrect stereotypes about “hackers” and cybersecurity. Local NoVA blogger Richard Bejtlich looked at what the 60 Minutes program got right, what it got wrong, and what needs to change in the future for general security awareness to be more effective. You can read all about what he calls his “humble point of view” (which in his case is actually a very expert opinion; you can check out his many books as proof), making the post an especially interesting read. You can check out the full post here.

Bonus: While it might not qualify as a top “post” per say, the classic “TomBot” diagram posted by rybolov last week is something that will start your day off on a good note. You can check out the diagram here.

Well, since all good things must come to an end, that’s it for this week. Be sure to check back next Monday for more of NoVA’s best.

###

We love being part of the local security community, and we would for you to be involved as well. There are two ways that you can get involved here at NovaInfosecPortal: You can purchase a subscription to the site, or you can be a guest poster. If you are interested in being a guest poster for NovaInfosecPortal, please drop us a line and we’d love to talk to you. 

There were some interesting blog posts from local NoVA infosec bloggers this week, discussing everything from customer service to what IT Security jobs will look like 20 years from now. But since we can’t highlight them all, we picked the best 3 blog posts of the bunch.

As always, be sure to tell us what you think by leaving a comment below. You can also send us a tweet @grecs.

#3 – Revisiting the Golden Rule: Depending on who you talk to, the ‘golden rule’ can mean many different things; to Wade Woolwine however, the golden rule that’s been missing from the security field is customer service. Wade writes, “when you’re involved in security, specifically for a product, or a company who builds products, you should be listening to your customers!” While that can sometimes be difficult for those of us who are a little reserved, Wade’s right: Part of dealing with people is helping them. While it’s easy to think that having a job in security means that you’ll never have to interact with people again, the reality is that you will. Even if you sit alone in a room with a computer for most of your day, chances are you still report to someone, work with someone on projects, or deal with outside companies or customers. Unless you’re one of the 1% of people who somehow manage to avoid all human contact, Wade provides some useful tips on how security professionals can polish their customer service skills. You can view Wade’s full blog post here.   

#2 – Security Careers for the Next Generation: Like everything else in the world, the security field is also changing. It’s unrealistic, as Richard Bejtlich points out, to think that the next generation of security professionals will be able to find the same positions that are available today. Why? According to Bejtlich, it’s due to a shift that’s happening not only in the security field, but the IT field in general. He writes, “I’d like to know which of you manage a 3G network? Chances are if you answer yes, you work for a telecoms provider. How many of you keep the operating system on your Blackberry or iPhone patched? If you answer yes you work for a telecoms provider or Apple.” Basically, Bejtlich believes that the next generation of security and IT professionals will find less variety of jobs to chose from, limited mainly to providers and vendors. You can read the full blog post on Bejtlich’s Tao Security blog.

#1 – A Little Extra Heat: It turns out that the “Cyber Security Coming to a Boil” blog post by Michael Smith of the Guerilla CISO created a fair amount of controversy. In case you didn’t read our post about it last week, Smith talked about the political side of cyber security. (And yes; anytime you involve politics in anything, it is bound to cause controversy). But in an interesting twist, Smith let one of his commenter’s (Ian99) write an entire post explaining why he didn’t agree with Smiths’ blog post. It makes for an interesting read, and it’s nice to see both sides of the issue. You can read Ian99’s response to Smith here.

Well, that’s all for this week; be sure to check back next week for more of the best from local infosec bloggers.

###

Speaking of local bloggers… we here at NovaInfosecPortal are locals too. If you’d like to support
 our site and keep the local infosec community going strong, why not consider subscribing to NovaInfosecPortal?