Wednesday, April 30, 2008
Virtualization - there is also a good security aspect
Thursday, April 24, 2008
Finally someone said it!
Wednesday, April 23, 2008
The new security guy
Friday, April 18, 2008
Isn't it an interesting case for business continuity studies?
Thursday, April 17, 2008
Windows Server 2008 - Server Core
Have you tried Secunia PSI?
Adobe is the next target - does anyone still doubt?
Polaris - A very interesting research piece from HP
CyberStorm II and languages
Some good quotes from RSA
Tuesday, April 15, 2008
How many companies are looking into Security as a Marketing feature?
From a RSA vendor leaflet
RSA, final post
Writing this while waiting to board my return flight to Sao Paulo. It’s good to write after a few hours far from the conference, as it gives me a better view of what really impressed me most. I agree with other bloggers who mentioned the lack of innovation this year. However, it was expected.
I think I can mention some highlights. Black Ops, Sins of Our Fathers, Avoiding the “Security groundhog day”, the DLP Panel, and Ajax Security were very good in terms of presentation and discussion, but honestly, nothing new from them.
The best sessions for me were Bruce Schneier’s and Malcolm Gladwell’s. Both talked about human perception and the way that we think. Schneier has already published some things about it, especially about the way that we perceive risk. Gladwell’s presentation was very interesting even if it wasn’t related to security at all. He talked about decision making, not common decisions but those made unconsciously. I think there are lots of situations in security that can benefit from his theories. The way that we assemble and conduct security monitoring centers, for instance, can be radically changed. By reading his book (“Blink: The Power of Thinking Without Thinking

The exposition was kind of sad. Tons of “appliances” providing solutions to problems defined by the vendors themselves. Lots of vendors talking about how their products provide very nice reports, but what about detection, prevention? Can all the problems in security be solved by a nice report with some pie charts?
The networking aspect, on the other hand, was terrific. I met lots of people who write very good blogs, and people who I found out are reading mine. I hope to be able to attend the conference in the coming years to maintain all those contacts. Thumbs up for Martin McKeay, Jennifer Leggio and Alan Shimel for organizing the bloggers meetup. It was very good and an extraordinary opportunity to chat with people that I respect a lot. Thanks!
Thursday, April 10, 2008
RSA post number 2
Wednesday, April 9, 2008
Looking for job in...Toronto!
RSA post number 1
Thursday, April 3, 2008
Content Management, Monitoring and Protection (from Hoff's post)
- Data leakage/loss protection (DLP)
- Identity and access management (IAM)
- Network Admission/Access Control (NAC)
- Digital rights/Enterprise rights management (DRM/ERM)
- Seamless encryption based upon "communities of interest"
- Information classification and profiling
- Metadata
- Deep Packet Inspection (DPI)
- Vulnerability Management
- Configuration Management
- Database Activity Monitoring (DAM)
- Application and Database Monitoring and Protection (ADMP)
- etc...