((AoIS Webcast)) Cryptography: Issues and Insight from Practical Implementations
Kevin Flanagan and I delivered a presentation on Cryptography at this year’s RSA 2010. Now, doing a cryptography presentation at RSA is a bit like putting a target on yourself that says “please shoot me down!”. Well, the presentation was very well received, and the RSA conference folks have asked ... Read More
Add Some Architecture to RSA 2010
Once again the RSA Conference is giving Dan Houser and me the opportunity to provide a one-day Identity Management Architecture tutorial. One-day tutorials can be added to your RSA Conference registration for a small fee. These sessions are designed to provide more depth and detail on particular important topics. This ... Read More
Auditing Time…
Time is critical in security systems; specifically, having systems know the time is very important. Adequate clock synchronization is important for: Operational Integrity (things happen when they are supposed to happen – backups, tasks, etc.); Reproducibility of events (meaningful logs and records); Validation of SSL certificate expiration (or other tokens, etc.); Correct application of time ... Read More
AoIS Interviews Heather Deem, Part 2
Welcome to the second part of Art of Information Security’s interview with seasoned Information Security marketer Heather Deem (part 1 link). In the first part Heather discussed the importance of having reasonable time and resource expectations. In this part we will start off by discussing some low cost marketing techniques. Erik: Are there any ... Read More
AoIS Interviews Lee Kushner, Part 2
In the final part of our interview series with Lee Kushner (part 1), Information Security recruiter and career coach, we will jump right in with a discussion of Lee’s “7 Habits of Highly Effective Career Managers”. Erik: I noticed from your web page that you recently delivered a presentation called “7 Habits of Highly Effective Career Managers” ... Read More
AoIS Interviews Heather Deem, Part 1
The Art of Information Security has the great pleasure of interviewing Heather Deem. Heather is the driving force behind Candesco Marketing, and has extensive experience developing and executing marketing programs for Information Security firms. Given the current economy, Art of Information Security felt that there might be broad interest in Heather’s ideas ... Read More
Crypto: Kerckhoffs’ Principle
Kerckhoffs’ Principle is one of the keys to solid cryptographic security. Here is the definition I found on Wikipedia: “A Cryptosystem should be secure even if everything about the system, except the key, is public knowledge.” Kerckhoffs’ Principle does not require that we publish or disclose how things work. It does require that ... Read More
Optimize Your RSA, Part 3 – Network, Network, Network…
Probably the single most significant advantage to attending a conference is the fact that it pulls so many people with a common interest into one place and time. If the interaction amongst participants wasn’t important, then it would be very difficult to make a compelling argument for in-person attendance. Talk to People – ... Read More
AoIS Interviews Lee Kushner, Part 1
Given the current economic situation, professional development and job searching are on many people’s minds. As a result, I saw no better time to get perspective on these topics from a true industry insider. Lee Kushner is the President of LJ Kushner and Associates, LLC, an executive search firm dedicated exclusively to the Information Security ... Read More

