Big Brother Can’t Lead People

People always seem to be afraid of Big Brother. They don’t like to be watched or have the feeling they are being watched. I don’t blame them. What is interesting to me is how some supervisors and managers want to rely on it when it might suit their needs.

It amazes me how many times I’ve had to turn down requests from these "leaders" attempting to use Big Brother as a management tool. I’ve heard the whole list of explanations:


Why go to Black Hat?

The Black Hat Conference has been going on for years. For me, I’ve always said I would like to get there some day. Instead, I’ve always opted for making it to the RSA conference because the companies I’ve worked for were willing to send me to one or the other each year.

I used to believe the Black Hat conference was on the forbidden list for those of us certified with CISSP. Maybe this was true. I did a quick scan of the ethics policy on web.


Big Brother vs. Acceptable Balance

One of the things I’ve learned over time is how people deal with change. Introducing an INFOSEC program needs to take this into account. It is also one of the most important lessons I learned…the hard way.

When I retired from the Navy and moved to the civilian sector, I admit I carried a large Navy attitude. I was a Chief when I left. A Navy chief is used to looking at problems and getting them solved ASAP.


Securing Personal Data – Waste of Time?

I’ve often been asked by friends and relatives why they should ensure their own personal data is protected. After all, it is only their home computer. What could anyone possibly want from that?

I read this interesting article today on It begins with the usual issues about stolen credit card numbers. The twist comes when an investigation has found other personal information, such as healthcare data, airlines, financial data, and so on.


USB Flash Drives – Friend or Foe?

I remember when USB flash drives came out. It was the coolest thing and so easy. But do these things really help us transport data or hurt us? I came across a couple of articles recently I thought I would pass along…of course with commentary.

First, this one about HP shipping USB sticks with malware. This was an interesting attack vector, which seems isolated to a particular type of HP server. The question is were these USB drives infected inside HP, the manufacturer, or somewhere in between? What steps need to be considered to prevent this from happening again?
