Security Minded - from Kai the Security Guy

Some thoughts on security (and other stuff) from a Microsoft security professional

Browse by Tags

Related Posts
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part V)

    I've done a lot of work in the past few weeks trying to get you to truly understand the person we've dubbed "The Insider". We've discussed who they are, and why they do what they do. Today I'm going to be looking at exactly what it is these insiders are trying to take. What are the targets? Intellectual...
  • Blog Post: I'm baaaaack

    Well....as many of you can probably figure out, I've been remiss in my blogging as of late. Of course, there's no good excuse, except to put this in the context of "travel + content prep". Regardless.....I'm in fact back. This week is an interesting one. I'm actually up in Ottawa, Ontario for the Microsoft...
  • Blog Post: Airport Games

    Soooo….just got off the 6 hour flight from Changi Airport in Singapore to the Narita Airport in Tokyo. Got about a 4 hour layover, and as my world-traveler team mate, Steve Riley, told me…”Go to the Admiral’s Club, or be bored to tears.” Yippee. I get here and find out...
  • Blog Post: Not your Mama's Webcasts: Kai does the Defense in Depth Webcast Series

    Hopefully you were able to join me for a terrific two weeks of webcasts!! In 8 sessions we covered every layer of the security model known as "defense in depth". For those of you who missed out on the great fun we had, here's a way to go and check out the recordings. I did the best that I could to ensure...
  • Blog Post: TechNet Radio: Physical Security at Microsoft

    This is a pretty interesting podcast that I had the privilege to conduct a few weeks ago. I had the chance to go see Microsoft's Security Operations Center (SOC) and talk to Johnny Walker, CPP (Certified Protection Professional), the guy who leads the team that helps protect our physical assets. As you...
  • Blog Post: Part Three of Four as We Chat About Physical Security

    UPDATE : I got your emails about there being a problem with this Silverlight video (thanks Doug!), so I re-rendered and have re-posted the video. Nothing stinks worse than having the movie go out in mid-series! OH YES! I actually had the privilege yesterday of getting an hour long Capabilities Tour of...
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part IX) - Oldies, but Goodies

    Well....I received an absolutely unexpected and pleasure of an email from one of the excellent speakers over at the The Centre for Counterintelligence and Security Studies about my blog posts! I'm not sure they were reading or simply scanning for references to their website, but hey...I'm not picky!...
  • Blog Post: The Security Show: Episode 3 “Gates, Guards and Guns”

    More of my sitdown with Johnny Walker who helps run our Microsoft Global Security Operations Center. When we talk about physical security, as IT Pros, we’re typically talking about securing the datacenters and the boxes themselves. Johnny also has to consider things like Loss Prevention, Executive Protection...
  • Blog Post: Airport Security: Bruce finds a YouTube gem as well

    For those of you who don't regularly read Bruce Schneier's blog (or books for that matter), it's a pretty good read and one you should consider. He found a YouTube gem from the TV show "Family Guy" that shows Stewie doing some pen-testing of his own. This actually aired pre-9/11. Funny and a bit scary...
  • Blog Post: Wow! I wonder who's going to take the heat for this?

    On the topic of "Ouch. Recently a Chinese Jin-class (Type 094) nuclear attack sub was picked up by a popular mapping application (not Windows Local.live.com....but the OTHER guys.) According to the Strategic Security Blog , it was imaged by a Quickbird satellite system. Of course, since this is China...
  • Blog Post: Convincing Your Boss to Move to Windows Vista (Part 2)...second attempt

    (Trying this again, after apparently overwriting my earlier blog post....troubleshooting blogs...fun times) Well, I am long overdue in posting this and I apologize. As many of you are aware, I spend about 70% of my time on the road doing international travel, so I'm usually trying to figure out how to...
  • Blog Post: Economic Espionage: Mitigating with Technical Methods

    So we're all technical folks...and we all like to use technical solutions to fix problems. I'm tellin ya, without the proper non-technical controls I mentioned earlier....you're dead in the water. Can't have bacon without eggs and peanut butter without jelly. It's just incomplete. I'm telling you now...
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat

    This is currently an area I've been focusing on for the past month or so. I've been doing a lot of reading, fact finding, research, etc. around the topic of data leakage that occurs when users are essentially stealing data from within your business. This ties into economic espionage, which is another...
  • Blog Post: The Loss of a Hero: GEN Wayne A. Downing

    For those of you who are frequent readers (or who know me personally), you know that my past is deeply-tied to my coming of age in the 75th Ranger Regiment and the Special Operations community. The man responsible for the creation of this organization, and more importantly a true friend and leader of...
  • Blog Post: You got to love convergence! The Security Show: Episode 3 – Gates, Guards, and Guns

    In Episode 3 of the popular Security Show, we sit down with Johnny Walker who is a Group Program Manager with Microsoft Global Security Operations Center (GSOC). We’ve done a podcast on TechNet Radio with Johnny in the past, but this time we get into a little more detail as he explains the methods by...
  • Blog Post: Ever Feel Like the Dumbest Guy In the Building at a Security Event?

    As you probably already know, my full time job is to travel around the world speaking to execs and IT Pros about the world of information security. Recently, I was invited to speak at the North Carolina Technology Association's Five Pillars of Executive Leadership in a Non-Secure World Conference in...
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part III)

    Today I'm going to discuss exactly who the these "insiders" are. As I mentioned earlier, the book " Insider Threat: Protecting the Enterprise from Sabotage, Spying and Theft " by Eric Cole and Sandra Ring has some terrific analysis and classification. Here's the breakdown: "We Love Bob!" " Hey everyone...
  • Blog Post: The Last Episode on Physical Security!

    This wraps up the 4-part series where I discuss physical security at Microsoft with one of the guys who keeps you safe when you visit Redmond or any other of the many Microsoft campuses around the world. Thanks Johnny for making us all feel safe when we step onto the campus and thanks for sharing your...
  • Blog Post: Is Kai Axford Speaking at TechEd 2008?

    The short answer is YES! However, I'm not going to be confined to a single breakout room like I was last year. (ESPNism: " You cannot stop him, you can only hope to contain him .") If you remember, we had such a huge amount of folks wanting to get into the session I did with the FBI that we had to turn...
  • Blog Post: Sweetie…can I make some security modifications to the car?

    This is just too awesome to miss. I always enjoy a good video, especially when it relates to security. I just recently bought a new SUV (traded in the 2004 Mustang GT convertible) with the new baby and now I’m very sad that I forgot to ask for this option when I did. The guys at DillonAero did a great...
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part IV)

    After traveling the past 4 weeks non-stop, with barely enough time to figure out what time zone I'm actually in....I'm back with another installment of Insider Threat. Today we'll discuss the motivators for why this is happening. Let's get started! "Why Mr. Bond......thank you for your service." I had...