Security Minded - from Kai the Security Guy

Some thoughts on security (and other stuff) from a Microsoft security professional

Browse by Tags

Related Posts
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part VII) - Moving Data Out of Your Organization

    Well, if you've been following along...we talked about who the insiders are and the metrics behind economic espionage. We've discussed why they do it and how they get the data. But I know this probably hasn't been very technical for most of you. Today that is going to change. Today we're going to talk...
  • Blog Post: Where's Kai? RSA Conference 2008!!

    Well...if you're an IT Security Professional, you owe it to yourself to make the journey to the annual RSA Conference at least once in your life. It's the world's biggest security conference and many a great new announcement is made here. This year, it's my turn! They have some awesome speakers here...
  • Blog Post: The Security Show: Episode Two – Stopping James Bond (Part II)

    In this part, we get some good advice from the FBI on how to have that talk with your executives who like to travel out of the country and don’t really understand the risk that they assume when they carry that laptop, cell phone, or other electronic device with them. Good stuff!
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part V)

    I've done a lot of work in the past few weeks trying to get you to truly understand the person we've dubbed "The Insider". We've discussed who they are, and why they do what they do. Today I'm going to be looking at exactly what it is these insiders are trying to take. What are the targets? Intellectual...
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part VI) - Social Engineering

    If you've been with us the past few months, we've been talking about the who and why of economic espionage/insider threat. Starting today....we're about to make all you wannabe James Bonds out there understand the how. A New Degree in Engineering Still one of the hottest attacks around is one that you...
  • Blog Post: Economic Espionage: Mitigating the Risk Using Non-Technical Methods

    So yesterday I talked about the real risk that economic/corporate espionage is causing. It's huge!! This topic always ranks in the Top 3 whenever I ask the CSO "What is the biggest security risk you currently have?" Let's face it....every business has something that you consider to be unique. Something...
  • Blog Post: Toronto: EnergizeIt: Get Your Geek On!

    This past Saturday I was in Toronto to speak at their annual EnergizeIT event. Let me tell you something: These Canadians know how to throw an event! They had the audience of 1,400+ cheering and screaming during the opening keynote! I've done plenty of events and this was by far one of the best I've...
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part IX) - Oldies, but Goodies

    Well....I received an absolutely unexpected and pleasure of an email from one of the excellent speakers over at the The Centre for Counterintelligence and Security Studies about my blog posts! I'm not sure they were reading or simply scanning for references to their website, but hey...I'm not picky!...
  • Blog Post: Happy and Secure New Year!

    I have returned! As many of you are aware, I travel extensively for my job and I was literally on the road for almost 10 straight weeks the latter part of 2007. Los Angeles. New York. Buenos Aires (x2). London. Redmond. Mexico City. Washington D.C. Toronto. I was more than excited to get to my vacation...
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part VIII) - Phone Home + The Power of the PMP!

    " Hey IT Guy , c heck out my cool phone! I can use it as a modem for my laptop! " Ever heard that from one of those end users? I'm sure you have. Sounds much better than " Check out my cool wireless bridge I've been using to exfil sensitive data out of our company! " No matter if you've got the latest...
  • Blog Post: The Security Show: Episode Two – Stopping James Bond (Part I)

    I got it to work! I had some issues with the video playback in Silverlight after it came out of post-production in Sony Vegas. I really wish there was an easy way for Expressions Encoder to sort of “save your profile” so you wouldn’t have to go and tweak settings each and every time. Pretty much a hassle...
  • Blog Post: The Security Show: Episode Two – Stopping James Bond (Part III)

    I hope this is waking some folks up with regards to the huge issue that insider threat poses within your own company. We discuss some of the common characteristics that these people show and how we identify them. What are some of the triggers that make these folks turn against you? What are the warning...
  • Blog Post: Tech-Ed 2007: Here we go!!

    Well, it's very late here in Orlando, and like a good speaker I'm still tweaking and adjusting my slides with recent data and working on my demos. I know, I know.... Steve Riley and I are on the same team, and are both going to be speaking at Tech-Ed 2007 this year....but Steve is pretty much has a ...
  • Blog Post: Economic Espionage: Mitigating with Technical Methods

    So we're all technical folks...and we all like to use technical solutions to fix problems. I'm tellin ya, without the proper non-technical controls I mentioned earlier....you're dead in the water. Can't have bacon without eggs and peanut butter without jelly. It's just incomplete. I'm telling you now...
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat

    This is currently an area I've been focusing on for the past month or so. I've been doing a lot of reading, fact finding, research, etc. around the topic of data leakage that occurs when users are essentially stealing data from within your business. This ties into economic espionage, which is another...
  • Blog Post: The Security Show: Episode Two – Stopping James Bond (Part IV)

    This is the last of Episode Two and I hope everyone has been enjoying this interesting session with the FBI. In this final session, we wrapup and get a few comments from the audience. Good stuff.   Next time, I’ll be posting Episode 3 titled “Gate, Guards, and Guns” where we’ll spend some time talking...
  • Blog Post: The FBI Celebrates it’s 100th Anniversary!

    I had the distinct honor this week, of attending the Bureau’s 100th Anniversary celebration event here at the Dallas FBI Field Office . (I’m the one that’s not blurry in the picture on the left) The event itself was very well done and the speeches by both Special Agent in Charge Casey and by Sen. Kay...
  • Blog Post: Walking Data

    Well, I'm back from vacation to England. Very cool, but let's get back to what this blog is about: Security . So you got data leaving the business without permission? We all love to think the firewalls are being penterated by the 16-year old in the black Metallica "Ride the Lightning" concert shirt....
  • Blog Post: Big Bang Machine Hacked!

    Well, apparently no one planned any information security with the super collider. I love the quote from this guy who is obviously not a security guy “ We don’t know who they were but there seems to be no harm done. ” Right. No harm done. We’re sorta sure. Time to buy a tin-foil hat.
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part II)

    In the last post, I touched upon the reasons that Insider Threat is often ignore by corporations and businesses (yes.....this probably means you.) I also discussed the reasons why this threat is of much greater than concern than some 17-year old kid in some remote former Eastern Bloc country, hacking...
  • Blog Post: RSA 2008 - Day 2: Windows vs. Linux, PLUS Insider Threat Experts, and The Parties

    Day 2. I'm a but wore out since I was up into the wee hours trying to get my new video blogging mess figured out. The process that I thought would be (encoding and uploading).....wasn't. But the part that I thought would be easy (quality of the HD stream).....was. Still trying to work out exactly why...
  • Blog Post: Ever Feel Like the Dumbest Guy In the Building at a Security Event?

    As you probably already know, my full time job is to travel around the world speaking to execs and IT Pros about the world of information security. Recently, I was invited to speak at the North Carolina Technology Association's Five Pillars of Executive Leadership in a Non-Secure World Conference in...
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part III)

    Today I'm going to discuss exactly who the these "insiders" are. As I mentioned earlier, the book " Insider Threat: Protecting the Enterprise from Sabotage, Spying and Theft " by Eric Cole and Sandra Ring has some terrific analysis and classification. Here's the breakdown: "We Love Bob!" " Hey everyone...
  • Blog Post: Oh Canada!

    You know you've made it when you land on the Canadian IT Pro User Blog . I just returned from a whirlwind tour of Western Canada where I hit 4 cities in 4 days (Calgary, Edmonton, Vancouver, and Victoria) and then had less than 20 hours at home before my next international adventure. I had a great time...
  • Blog Post: Economic Espionage: A Real Threat

    Another semester in the bag. I finished my last Information Assurance course in graduate school this past week. The class was on Trusted Systems and we spent a lot of time discussing the Common Criteria, the ratings, mandatory vs discretionary access controls, and we even created a Protection Profile...