Securus Global Roles

Posted on March 12th, 2010 by Drazen Drazic

We’re looking for people again. Check out the role advertisement. If you think you fit the role description and want to join one of the region’s best and fastest growing security companies, give us a yell.

Just a note: while we are open to overseas people applying, and we have recruited OS before, having a work visa or the like for Australia is preferred.

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Posted in Uncategorized | 3 Comments »

Recruiters….please don’t purport to represent Securus Global

Posted on March 3rd, 2010 by Drazen Drazic

Dear Recruiters,

Unless we officially approach you to work with us, i.e. approve you to go out and look for candidates, please don’t go out and approach people who you think we might like to fulfil roles that we advertise. This doesn’t look good upon you. We don’t support random headhunting of people.

Securus Global Team

Posted in Uncategorized | 7 Comments »

(Off Topic) Web 2.0 Case Study: How it can work – Jerrys Plains and Coal Mining.

Posted on February 25th, 2010 by Drazen Drazic

In my day to day, I read blog after blog and most of the ones that I have bookmarked are all I need to keep up with the latest in IT Security news. I rarely now ever read an IT news site unless it’s linked from a blog I read (or to be fair…..Twitter). This Web 2.0 business has substance. I hate the term but love the delivery. (FFS most IT news sites are not worth it anymore (not that many were before), when the bloggers and twitters provide the news quicker!). Anyway, back to the off topic:

The Protect Jerrys Plains blog is one of the best examples of Web 2.0 in action I have come across. Yes, it is run by a friend, Big Galoot, Craig Chapman, and yes, probably the only reason I know about it. But, it’s a gem!

I highly recommend the read. There’s not many entries but if you want to see Australia’s version of Erin Brockovich in action, this is it. It is a soap opera of big business and NSW government games at their best. Read how some make millions from nothing and how a community is spun on the concept of “supporting” individuals and big business making squillions. It reads like a daytime drama, but it is what a community and NSW taxpayers are copping while at the same time being convinced they’re getting something! It’s still going on…..keep reading….logic tells you that someone will someday soon get into trouble!

Web 2.0 – If the Jerrys Plains community did not have this, you have to wonder where they may be?! It still may end bad but at least there will be a record of how it got there and one day, someone may decide to make the players accountable. Go Big Galoot!

Posted in Uncategorized | 3 Comments »

The best business books…..What?

Posted on February 20th, 2010 by Drazen Drazic

Thanks D: http://bsdosx.blogspot.com/

This guy wasn’t “consulting” with me when he did this :) :
http://personalmba.com/best-business-books/

The greatest and all time best management book is: “The Dilbert Principle” by Scott Adams. Since its release, it has been mandatory reading for all staff!….It is the only one worth reading!

As a business dude, that is 99 books I will not read…when the greatest is snubbed! :)

Posted in Uncategorized | 3 Comments »

Securus Global about to get an ACS Member…no joke. :)

Posted on February 2nd, 2010 by Drazen Drazic

Amazingly, one of our own…a Securus Global person is about to become a member, (we hope…..) of the Australian Computer Society.

“We hope”..because that is the only way he can work as an IT person in Australia and get his visa approved. (I hope this post does not delay him). With all the posts here regarding the ACS, I never clicked that a new “Australian” IT person, MUST ALSO, become a member of the ACS, as part of visa acceptance. (My fault…I just did not assume that that stupidity would extend to mandatory “membership”).

So now, we will have a member of the ACS as part of Securus Global……if they accept his credentials to be good enough to work here with us. Who knows, we may learn some things. :)

Phil Argy, who I find a good bloke to chat with and who, to his credit, will respond here, will probably/hopefully present a case as to why all new Australians must become a member of the ACS….but I cannot see it ACS myself and you know me Phil.

Posted in Uncategorized | 118 Comments »

“The Great Australian Internet Blackout” Information

Posted on January 29th, 2010 by Drazen Drazic

Run by Electronic Frontiers Australia (EFA), “The Great Australian Internet Blackout” is on.

Some background on this from our perspective can be found here. This is important.

We’ve been against this Government “initiative” from the outset. It is flawed on so many levels, so please, have a read and pass this information onto your colleagues, family and friends, if you haven’t already.

We need critical thinkers to push this information out into the broader community who may not understand the real issues outside of the Government spin on it. We need to wake up our fellow Australians!

Posted in Uncategorized | 2 Comments »

Wrapping it up for another year….

Posted on December 24th, 2009 by Drazen Drazic

Hey All,

Wrapping another year. No special 2010 predictions or year round-up. You can probably skip to the ones I did for previous years and just change the date to 2009/2010. Should be pretty accurate. :)

A few new Aussie Bloggers added to the mix in 2009: http://beastorbuddha.com/blog-directory/ and there’s quite a few guest bloggers lined up for 2010 for Beast or Buddha. Let me know if you are keen to submit something for publication here also – we’re always looking for new content.

Some big things happening with Securus Global also in 2010. Stay tuned for our press releases. Thanks to all our customers and business partners who have supported us this year.

Thanks to everyone who stops by here to read my rants, to check out the job postings in Beast Hot Jobs or posts in the Forums. I hope you all have a great 2010.

All the Best
DD

Posted in Uncategorized | No Comments »

Internet “Filtering” Trial and Report – Flawed

Posted on December 15th, 2009 by Drazen Drazic

Reading through the ISP Filtering Live Report(s) – still wondering what this proves. Is anyone surprised by the findings? I’d have been surprised if it was much different. Now to base a full blown strategy (flawed in concept according to many from the outset) on a test/trial whose scope is ridiculously inadequate to represent real-life implementation. It would be laughable if the impacts upon us of this progressing weren’t potentially so serious. Where to start? What hasn’t been said before? Refer here:
http://beastorbuddha.com/category/internet-filtering/

Posted in Bad Stuff, Dumb Security, Internet Filtering, Uncategorized, WTF | 8 Comments »

Wondering why this post gets the most hits….

Posted on October 29th, 2009 by Drazen Drazic

It’s interested me for a while, why this particular post “Journalising, Journalism and Blogging…Restrictions on Posting” continually gets the most hits regardless of new posts. If you’re hitting this post for a reason, I’d be keen to know.

Posted in Uncategorized | 2 Comments »

Drowning in Information Security Conferences……

Posted on October 20th, 2009 by Drazen Drazic

I remember years ago (many I suppose), the Information Security conference calendar was quite empty. You’d struggle to get anything at times and options were to wait a long time or head off overseas on a junket.

How things have changed. It seems there’s some sort of conference or seminar held daily or at least weekly. Most aren’t worth the time and effort. They’re either a vendor driven marketing day, (hey, if you’re into that vendor and a free lunch, go for it), or a conference created by non-industry people to make a buck (riding on the coat tails of hot topics of the day). The latter really gets my goat most times. They’re nothing more than random topics within the larger “hot” topic, random speakers (whether of any note or not), in and out, and pay your 3K. You know the ones – the marketing looks great, they look like they are doing the industry a service, but you walk out of there deflated and thinking you’ve been stung.

On the flip side, we are blessed with some great events and people should really get behind these and support them. They’re the ones usually run by industry people for the industry.

I’d be keen to hear about some conferences you’ve been to, and your thoughts on them. I am sure others would appreciate the tips also.

Posted in Uncategorized | 5 Comments »

Random Links and Rants…….

Posted on September 23rd, 2009 by Drazen Drazic

- I know this is an old one and has also been covered here in the Forums, but gees it’s worth another look and laugh; “Queensland Police plans wardriving mission“. ROFL at; “Detective Superintendent Brian Hay of the Queensland Police, who today was honoured by security vendor McAfee with an “International Cybercrime Fighter Award”. I need to get one of those. How do I apply McAfee? Gees, what can you say? ICFA for short? :)

- Thanks to Matthew Hackling for highlighting this link to APRA’s site and discussion paper on “Management of IT Security Risk“. Now this is interesting. Firstly, it seems to be pretty closely based on the Monetary Authority of Singapore (MAS) “Internet Banking and Technology Risk Management Guidelines“. Not a bad thing! Just 8 or 9 years behind the game in terms of Asia Pacific regulators APRA. (But hey, we already knew that). Wondering how they plan to enforce any of this or is it just a project to make them look like they’re on top of their game? Did I mention 8 or 9 years behind other regulators in Asia? Ah yes, I did. Who needs regulation in the Banking sector anyway?

- I’ve got an article posted at Tek-Tips; “Overcomplicating Information Security and Risk Management“. Keen on your thoughts and thanks to the guys on Twitter who’ve already sent through their comments.

- I’ll be reviewing the CFP responses for the Lightning Presentation session for the upcoming AISA National Annual Seminar Day on the 3rd of December, 2009. If you’ve done some really cool stuff or want to share some really interesting information about something in our industry (but don’t want to talk for 40 minutes), please send through your presentation overview.

Posted in Uncategorized | 10 Comments »

Decision Making Processes – Selective Formulas and Approaches…..Not Really?!

Posted on September 1st, 2009 by Drazen Drazic

Let’s cut to the chase and get rid of the waffle and sales talk, and the plethora of client marketing and sales methodologies. (And, I have seen a heap of them). Remove technical superiority, cost-effectiveness and best ROI (whether that be financial and/or business improvements)….oh and I forgot, “security” itself. In the majority of cases, these are irrelevant in most sales opportunities, i.e. the best does not win out in the majority of cases.

Final decisions in most cases are not based on deep analysis to determine the best solution, service or product. They’re not in most cases based upon expert advice/opinion, and certainly less so in a democratic way…..though we know the latter also doesn’t produce the best outcome. (Critical thinking within more than 50% of the population involved aside).

Business in the majority of cases is won 2 ways: (1) Sell the easiest option that provides the decision maker with backside coverage in the event of solution, service or product not working. ie; the old IBM story, Big 4, Cisco etc; (2) Through relationships and friendships – looking after your mates. Forget comparing “apples with apples”…… don’t blame a lack of technical expertise of the decision maker on why you didn’t win the business. Look to (1) and (2) and position yourself there if you want to be competitive.

The best solutions, services and products overall if not falling within either of these categories battle for the crumbs left. It’s a large reason that the Information Security industry hasn’t really progressed far in the last 10 years.

I know this is not new to many but keen on your thoughts, flames and war stories (but leave the names out). Just brain dumping. :)

Posted in Uncategorized | 9 Comments »

Memories of 2005……not an IT Security topic…..

Posted on August 16th, 2009 by Drazen Drazic

My Rugby League team, the West Tigers, had been having a pretty ordinary year until about 6 weeks ago. They’re now 6-0 in the last 6 weeks. I had no expectations before I went overseas….(not in the running for the finals), but it was great to come back and see they had won every game while I was away! (Yes, I am superstitious enough to believe that it was me being away….but today they won 56-10 so that’s BS!) :)

Now the point of this post:

Posted in Too cool, Uncategorized | 5 Comments »

Random Links and Rants…….

Posted on May 8th, 2009 by Drazen Drazic

- Great to see Qualys release a new “Laws of Vulnerabilities“. Waiting for a more detailed release which they tell me is coming that will have some context for those people who could not attend the presentation. I know full context is based upon just those that run VA to an extent but the data does make for interesting analysis regardless.

- The Internet censorship video production by Donal and Wade, www.nodecity.com went global soon after the Beast or Buddha scoop (thanks guys). Check it out if you haven’t already.

- Small victory for iiNet in its current legal battle – reported here at ZDNet. Related posts here. Still wondering why iiNet is getting so little support from its fellow industry players. Weak!

- In Melbourne next week for business but also to do first round of interviews for Securus Global role. Penetration Testing expertise is key but just part of the criteria (yeah, for the benefit of Google that link….need to knock off a few in the order…LOL). More here.

- Nice to see a couple of our competitors merging. All the best with it guys. Awesome….one less competitor now! :) You’ll read about it…..

- Following @AISA_National, @Perth_AISA and @Melbourne_AISA now on Twitter.

- Seems to be award season at the moment with a few organisations running various industry awards. Good luck to those people and organisations nominated. Some truly deserve their awards and others, well…..somewhat related post here. Yeah, typical me. Have a great weekend all.

Posted in Uncategorized | No Comments »

Doing first round of Melbourne interviews next Thursday….

Posted on May 5th, 2009 by Drazen Drazic

As you may have seen here in this role advertisement, we’re looking for a new person to join Securus Global to be based in Melbourne. I’m going to be in Melbourne next Thursday and possibly Friday (14-15 May) on business but will also be conducting some interviews while there. (Not the final ones as the applications don’t close until 20 May, 2009). If you’re planning to apply and are keen to meet with me sooner rather than later, get your application in soon. I will be back in Melbourne soon after the 20th for the next round. (Fair playing field and no advantage either way).

Posted in Uncategorized | 2 Comments »

Where did the Role of the CIO go wrong? Part I

Posted on April 13th, 2009 by Drazen Drazic

This is far from my first post on the role of the CIO. While most posts have been focused on the [CIO] failures to fully understand the role of Information Security professionals and the industry in general, many [posts] have also looked at the fundamental failures of CIOs and their roles in business. The two are interdependent.

Somewhere around the late 90s, this “CIO” title started to become the role “title” of choice for the most senior IT person in the organisation. Out went “IT Director”, “IT General Manager” and similar titles, and in came the trend of “CIOs” starting to consider themselves business people. Now at the time, most CIOs were IT people and drawing that long bow to be now viewed by their own staff as “business people”, created one of the major turning points.

This has been a catalyst for leading our industry into more than 10 years of little change in regards to significant IT development, better security, and to an extent, relatively effective control of IT in a business, any potential, and most importantly, understanding and forceful commitment to the emerging Information Security industry and the rising impacts of the latter to business. Is this the reason good information security adoption has lagged, and to many extents, is just plainly non-existent in many organisations?

Taking this deeper, without that critical mass of acceptance at that senior level – the representative voice of IT to the business and flow-on effects to society as a whole has failed. Accountability means little to nothing in the overall scheme of things pertaining to longer term strategy – “Governance” in IT security overall would be deemed a failure. Risk Management across an enterprise from a holistic view is a failure. (In silos, there are some successes but what overall benefit if the business as a whole has no business-wide understanding of itself). Without this review and the most basic and potential root cause analysis and planned treatment of the root causes, we have the lack of progress, (though some would call total failures)….should we expect to be in a better position now or in the short term future?

Part II will look at more detailed analysis of the CIO in business and their relation to IT Security. Thanks to Donal for this one:
http://chucksblog.emc.com/chucks_blog/2009/04/thoughts-on-the-state-of-the-cio.html

Why aren’t CIOs’ competences being analysed from within their own departments? While I know so many good CIOs, I’ve met far more who are out of their league and you wonder what they really know. If they want to be “C-level” people, they need to be more scrutinised in the same way as CEOs and CFOs (even though we know that is also far from ideal a lot of the time).

Stay tuned for Part II

Posted in Bad Stuff, Dumb Security, Risk Management, Uncategorized, Vulnerability Management, WTF, cyber crime, governance | 1 Comment »

WAFs, WAFs, WAFs…

Posted on March 22nd, 2009 by Drazen Drazic

So far so little but a lot of hype! Some plug them big time, but let’s be real, do they cut it to a level worth the hype?

Realities are they don’t work at present to a level that warrants the hype.

Accepting small benefits versus the additional risks they introduce is a concern. If your WAF is an “appliance”…..potentially good night! 0day already…..didn’t your vendor/consultant warn you about these? Am I being paranoid about this?

It’s another AV? No, not that good yet. If anyone tells you otherwise, let me know. :)

Posted in Uncategorized | 3 Comments »

ISPs should be supporting iiNet…..not just lip service!

Posted on February 14th, 2009 by Drazen Drazic

iiNet is targeted as the fall guy for this BS “piracy” lawsuit. (My opinion).

Previous thoughts here. Every other ISP in Australia I put it to you would be taking the same stance as iiNet, so why is iiNet at present not being supported by the other ISPs?! By support, I mean something of substance….money, meaningful help and numbers….not just lip service in the press!

Read on:

Posted in Uncategorized | 2 Comments »

Beast Hot Jobs – What’s doing?

Posted on February 12th, 2009 by Drazen Drazic

Beast Hot Jobs is now free posting all IT security and related roles. If you have open positions you would like to advertise, send them here.
(Accepting all Australian, New Zealand and International Roles).

Posted in Uncategorized | No Comments »

Australian IT Security Bloggers and Twitters

Posted on January 21st, 2009 by Drazen Drazic

I’m keeping a blog directory here of Australian IT Security Bloggers but the list is still so small. Is this all we have? Please send me (or reply here) any updates you have.

Also, if you are on Twitter, add that also. I will add Twitters to that list soon for a central point of reference/contact.

Posted in Uncategorized | 4 Comments »