Changing jobs

New jobEffective January 1st, I'll complete my transition to the Dark Side by vacating my position as Information Security Officer. Afterwards, I will join Adelphi University's full-time faculty. My primary focus will be on computer science in general, with an emphasis on cybersecurity.In my new position, I'm going to be rekindling my research interests, and hopefully do something that is interesting and valuable to the community as a whole. With a change of responsibility comes a new focus, and hopefully, more materials to write about here.Want to replace me?If you are interested in becoming my successor as Adelphi University's Information Security Officer, please take a look at the job posting and apply. I'll be more than happy to answer any questions you may have.The job posting  can be found at at http://chj.tbe.taleo.net/chj03/ats/careers/requisition.jsp;jsessionid=D0B6F2F9EEB9879DCBAA1A1807AC3B17?org=ADELPHI&cws=1&rid=1574.Adelphi is a great place to work; salaries aren't bad (not great either ;), the campus has a close proximity to NYC, there are decent benefits, its campus is beautiful,  and you'll be in a fairly informal and non-hostile work atmosphere. Even better, you'll work in a professional well-run department and you will have FULL OWNERSHIP of the Infosec function.Note to bad guysUntil my replacement has been appointed, I will not...
Read more

Incident Response 101

A few weeks ago, we had a minor emergency: a water supply line burst in a wall and decided to flood the floor of the IT department at a rather impressive rate. Being located in the basement, the water really had no where to go, and it started pooling rather quickly. Fortunately, the burst pipe was a fresh water supply line, rather than a waste disposal line.A gut response of most people working in a service job is that they feel the need to actively help out in a situation where help is needed. In any form of emergency scenario, as is the case with computer security incident response, there are a few things to remember. I'll list them here again, in hope that they are useful to someone.1) Slow down. Initial reports from others, as well as your own initial assessment, is most likely incorrect and incomplete. Count to ten, take a deep breath, and re-assess the situation.2) Verify that there actually is an incident. If you get reports that something is going on, always verify them to the extent reasonably possible. In many cases, you'll find that reports are well-intended, but often wrong. However, always thank people...
Read more