Security Minded - from Kai the Security Guy

Some thoughts on security (and other stuff) from a Microsoft security professional

Browse by Tags

Related Posts
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part VII) - Moving Data Out of Your Organization

    Well, if you've been following along...we talked about who the insiders are and the metrics behind economic espionage. We've discussed why they do it and how they get the data. But I know this probably hasn't been very technical for most of you. Today that is going to change. Today we're going to talk...
  • Blog Post: The End to End Trust Vision: Microsoft's Framing of the Discussion and Call for Dialog Around Security

    You've been sitting around asking yourself, " Okay okay...I heard Bill Gates announce the whole 'trustworthy computing' concept back in 2002... What's next Microsoft? How do we solve the future security problems as an industry?" As you know, the Internet has transformed the way many of us live today...
  • Blog Post: Busy Busy Buenos Aires

    Hello Microsoft Argentina! I arrived in country at about Noon and had a meeting at 1:00 PM. I'm here working with Pablo Anslemo and his security team. Pable only has me for 1.5 days, so he's doing a great job in getting me in front of as many customers as possible. I met with the Buenos Aires CSO Council...
  • Blog Post: Well, maybe I’ll get a great refund in in 2009

    Apparently the IRS just realized that they had about 1,800 unauthorized web servers attached to their corporate network !!! Now I’m glad to hear that their CIO is working to get them removed, but sounds to me this is a great opportunity for them to implement a domain isolation model using IPsec. Now...
  • Blog Post: Where's Kai? RSA Conference 2008!!

    Well...if you're an IT Security Professional, you owe it to yourself to make the journey to the annual RSA Conference at least once in your life. It's the world's biggest security conference and many a great new announcement is made here. This year, it's my turn! They have some awesome speakers here...
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part V)

    I've done a lot of work in the past few weeks trying to get you to truly understand the person we've dubbed "The Insider". We've discussed who they are, and why they do what they do. Today I'm going to be looking at exactly what it is these insiders are trying to take. What are the targets? Intellectual...
  • Blog Post: It's Official: Windows Vista SP1 (Beta) News

    (Info taken directly from the Windows Vista Team Site . I've saved you a click. Introducing Windows Vista Service Pack 1 In addition to regular Windows Vista updates, application compatibility improvements, and device driver improvements, Windows Vista Service Pack 1 (SP1) is another way Microsoft will...
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part VI) - Social Engineering

    If you've been with us the past few months, we've been talking about the who and why of economic espionage/insider threat. Starting today....we're about to make all you wannabe James Bonds out there understand the how. A New Degree in Engineering Still one of the hottest attacks around is one that you...
  • Blog Post: Economic Espionage: Mitigating the Risk Using Non-Technical Methods

    So yesterday I talked about the real risk that economic/corporate espionage is causing. It's huge!! This topic always ranks in the Top 3 whenever I ask the CSO "What is the biggest security risk you currently have?" Let's face it....every business has something that you consider to be unique. Something...
  • Blog Post: Melissa 2.0: CAPTCHA wish you girlfriend was hot like me?

    Okay, this is a perfect example of the bad guys thinking of ways to get your passwords. ( Kudos to the guys from TrendMicro for catching this one, as well as the hilarious title .) In case you haven't heard, apparently there is a new virus out there that activates when you hit one of those CAPTCHA checks...
  • Blog Post: Toronto: EnergizeIt: Get Your Geek On!

    This past Saturday I was in Toronto to speak at their annual EnergizeIT event. Let me tell you something: These Canadians know how to throw an event! They had the audience of 1,400+ cheering and screaming during the opening keynote! I've done plenty of events and this was by far one of the best I've...
  • Blog Post: This is laughable.

    Okay, I don't apparently need to hunt for any security topic. They just find me. There is one company (and CEO) that just continue to amaze with their statements. Does anyone take this guy seriously? Yes, it's Symantec again. Today at the CeBIT conference in Hanover, Germany, their CEO, John Thompson...
  • Blog Post: Not your Mama's Webcasts: Kai does the Defense in Depth Webcast Series

    Hopefully you were able to join me for a terrific two weeks of webcasts!! In 8 sessions we covered every layer of the security model known as "defense in depth". For those of you who missed out on the great fun we had, here's a way to go and check out the recordings. I did the best that I could to ensure...
  • Blog Post: Hello Baby!

    Frantic in Dallas I’m back…after a long absence. The last 3 months or so have been crazy in my life. After my trip to London and Edinburgh in mid-September, I returned home patiently awaiting the delivery of our son in late-October. We went to the doctor on Monday, September 29th and the sonogram looked...
  • Blog Post: TechNet Radio: Physical Security at Microsoft

    This is a pretty interesting podcast that I had the privilege to conduct a few weeks ago. I had the chance to go see Microsoft's Security Operations Center (SOC) and talk to Johnny Walker, CPP (Certified Protection Professional), the guy who leads the team that helps protect our physical assets. As you...
  • Blog Post: Kai Axford is Joining the FBI...

    ...for a terrific presentation at Tech-Ed 2007 in Orlando!! That's right...in conjunction with the Dallas FBI CyberCrime Team, I'm going to be conducting a session based on the new Microsoft Fundamental Computer Investigation Guide for Windows. Here's the session title and abstract: SEC312: How'd they...
  • Blog Post: Part Three of Four as We Chat About Physical Security

    UPDATE : I got your emails about there being a problem with this Silverlight video (thanks Doug!), so I re-rendered and have re-posted the video. Nothing stinks worse than having the movie go out in mid-series! OH YES! I actually had the privilege yesterday of getting an hour long Capabilities Tour of...
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part IX) - Oldies, but Goodies

    Well....I received an absolutely unexpected and pleasure of an email from one of the excellent speakers over at the The Centre for Counterintelligence and Security Studies about my blog posts! I'm not sure they were reading or simply scanning for references to their website, but hey...I'm not picky!...
  • Blog Post: Books of the Month Club....I read a lot

    When I'm sitting on a plane and they tell me to "turn off anything with an on/off power button"...it hurts. So then I pull out a book and read. As much as I fly, I read a lot. Often I'm catching up on one the many, many trade magazines to which I subscribe ( CSO Magazine , Security Management...
  • Blog Post: Here we go again....

    Again, please correct me if this recent report seems to be a bit self-serving. The jist of this report is saying, " Yeah...Vista is good...but it's not perfect....what would make it perfect is the use of some 3rd party security stuff...umm...like our 3rd party stuff ". Is this really news ? I completely...
  • Blog Post: The Security Show: Episode 3 “Gates, Guards and Guns”

    More of my sitdown with Johnny Walker who helps run our Microsoft Global Security Operations Center. When we talk about physical security, as IT Pros, we’re typically talking about securing the datacenters and the boxes themselves. Johnny also has to consider things like Loss Prevention, Executive Protection...
  • Blog Post: Happy and Secure New Year!

    I have returned! As many of you are aware, I travel extensively for my job and I was literally on the road for almost 10 straight weeks the latter part of 2007. Los Angeles. New York. Buenos Aires (x2). London. Redmond. Mexico City. Washington D.C. Toronto. I was more than excited to get to my vacation...
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part VIII) - Phone Home + The Power of the PMP!

    " Hey IT Guy , c heck out my cool phone! I can use it as a modem for my laptop! " Ever heard that from one of those end users? I'm sure you have. Sounds much better than " Check out my cool wireless bridge I've been using to exfil sensitive data out of our company! " No matter if you've got the latest...
  • Blog Post: Convincing Your Boss to Move to Windows Vista (Part 2)

    Well, I am long overdue in posting this and I apologize. As many of you are aware, I spend about 70% of my time on the road doing international travel, so I'm usually trying to figure out how to say, "Take me to the < insert hotel chain here > hotel" in French or trying to figure out what visas...
  • Blog Post: It's like having a GSOC of your very own: The Global Real Time Incident Map

    Got too much time on your hands? Feel a need to monitor the entire world for security incidents? Then check this out. I just heard about this and wanted to get it posted, so you guys can see what's not making the evening news. It's a pretty cool website that is updated in almost real time, and is pretty...