Admittedly, I don't do as much reading as I should.  Technical books are tedious, I'm not much into novels unless it is sci-fi, and most of the net articles seem to be generated to produce web site hits or to pad someone's resume.  Unfortunately a lot of IT Sec information has gone the latter route.  When was the last time you followed a link to an interesting report to find it bogus or trivial?

It is amazing the amount of blank stares I get when asked how I keep up with the industry. I read the below two digests, listen to what is on my peers' radar, watch what the government is avoiding saying and can come up with a good assessment of what is going on in IT Sec.  Below are my two favorite reading resources:

  • I have been reading the RISKS newsletter for over a decade now.  I'm not sure if Peter was the originator or not, but it has been a terrific resource.  The summaries have a tendency to be biased but the references often point to originating sources so you can form your own conclusions.
  • Recently I discovered Crypto-Gram by Bruce Schneier.  While RISKS covers a wide range of security and info-social issues, the Crypto-Gram is security specific.  Bruce is well versed and of a similar mind as myself on security positions.



Occasionally I feel the need to repost some pertinent articles.  There is a good chance that it will come from one of these two resources.


It’s the Simple Things in Life



I came across this picture while cleaning out the photo library.  Star is long gone, but he is still sharing his doggie wisdom.  God has created a wonderful planet.  Take a minute (or two) and appreciate all that we have and enjoy it!

Well folks, it has been over 14 years of IT adventures.  A few years ago, Fay and I decided to move from self employment to contracting.  I am still taking the odd IT job and doing consulting as time permits.

So what now?  I'm developing the old work portfolio to reestablish my IT Security creds.  At one time I held a Top Secret / Single Scope Background Investigation.  This did not mean squat when I got out of the service.  Now all of the buzz is security this and security that.  I have been doing IT Security Management for over thirty years and now it is a specialty.

Over the last few years I have seen the IT Security industry merge as the current catch word.  Colleges are cranking out “Specialists” at an alarming rate.  Certifications from ISC2 and SANS are abundant.  My concern is how much security experience these recent participants in the field have.  It goes back to either you are too old to know current trends vs inexperience of recent players in the field.  Admittedly I am the former.

When I entered the IT field in 1983, security was inherent in every process.  You messed up and you went to jail; not claim “whoopsie” and assign Public Relations and the Legal Team damage control.

So for now, I'm looking for a career position in Middle Management.  Not so high up that the day is spent in meetings and pushing virtual paper.  I still like to get my hands dirty and mentor engaged co-workers.  Wait one…  That sounded better in my head.  Let’s put it this way.  The one intern I had went on to own a respected Managed Services provider.  Thank you Eric for putting up with me over the years.  Time to see if it was a fluke or my calling in life.

In closing, if you have any leads on an IT Security position in the West Portland Metro area, let me know!

