Beast Or Buddha

Securus Global Roles

Drazen Drazic — Fri, 12 Mar 2010 07:22:37 +0000

We’re looking for people again. Check out the role advertisement. If you think you fit the role description and want to join one of the region’s best and fastest growing security companies, give us a yell.

Just a note: while we are open to overseas people applying, and we have recruited OS before, having a work visa or the like for Australia is preferred.

———————————————————————————————-
Securus Global: IT Security, Penetration Testing, Security Assessments, PCI Compliance, Product Assurance, QualysGuard, Security Strategy, Vulnerability Assessment.

Why is “Commander” still allowed to do business?

Drazen Drazic — Tue, 09 Mar 2010 11:56:02 +0000

This is a dodgy operation who went bankrupt and did not pay their bills but somehow still exist under the same name?

http://www.commander.com/

Stay away from them. Weird they exist.

Security Consortium Watch…..

Drazen Drazic — Tue, 09 Mar 2010 05:42:33 +0000

I’m not going to go back over all the old posts to try to remember who all these mobs were, but is there a consortium still doing anything? eg; ICASI and SAFECode. etc etc…..

Some previous posts mentioning them: http://beastorbuddha.com/?s=consortium

Not much more to add that I haven’t already said in the link above and links within the posts.

Is there a Cloud one also? Sure there is.

“Emerging Threats” – Most “emerged” a long time ago….Emerging Responses?

Drazen Drazic — Mon, 08 Mar 2010 03:10:32 +0000

A bit quiet lately. Sometimes I wonder if there’s more to say that I haven’t covered in the 500+ posts in Beast or Buddha. (The really interesting stuff, you can’t write about for obvious reasons). What do you do? Continue to rehash the old stuff? Sometimes!….which brings me to an interesting discussion.

We were asked to do a presentation recently on “emerging threats” at a business forum for IT Security and Risk Management professionals. Seems straightforward enough but when looking back over previous such presentations we’ve been doing over the years, nothing much was changing – in particular our recommendations on how organisations should be dealing with “emerging threats”. We could have almost just pulled out “Emerging Threats” presentation, (circa 2002) and done it word for word, (with only a few very minor wording and definition changes, eg; “Cloud”, “APT” etc ).

Should we be calling these presentations; “Emerging Responses”? It’s the response part that is in most cases yet to “emerge” effectively! The “threats” (most of them), emerged a long time ago. In many cases, we just call them different things now because we’ve failed to deal with them properly at the time, so it’s easier to rename something – makes it all seem that little bit new, and covers up to a degree for failures in the past.

Am I being unfair? Keen on your thoughts.

Recruiters….please don’t purport to represent Securus Global

Drazen Drazic — Wed, 03 Mar 2010 00:20:09 +0000

Dear Recruiters,

Unless we officially approach you to work with us, ie; approve you to go out and look for candidates, please don’t go out and approach people who you think we might like to fullfill roles that we advertise. This doesn’t look good upon you. We don’t support random headhunting of people.

Securus Global Team

What’s your “checklist of choice” for an Enterprise State of Security review?

Drazen Drazic — Tue, 02 Mar 2010 08:56:48 +0000

Just wondering how some people would and/or do approach an Enterprise State of Security assessment? Obviously given the plethora of standards, regulatory “guidelines” etc, there’s no right answers. (Including size and scope of such an exercise…assume it is possible of course!). Do you see it as something impossible? Would you use something like PCI DSS? Do you have your own framework/methodology? Keen to hear people’s thoughts.

Advanced Persistent Threat…APT…WTF!?

Drazen Drazic — Sat, 27 Feb 2010 14:59:21 +0000

I know it has taken me a while to catch up, but I relegated it low priority when I first heard of this “APT” business. Bad of me? Who made this stuff up? This is something you’d only make up for a laugh. But, all of the sudden, my industry is talking about it. FFS. Is this an American thing?

….if I had to mention that to a client. “Stand back…..you have an APT!!!”…… “Thanks Draz…awesome we hired you to save us!”

I have nothing! If this makes Wikipedia, (which it may have by now (Ed: yeah, I know it’s there), I’d love to chat (Ed: modified to not scare people), with that genius who invented the term, (for our industry).

(Off Topic) Web 2.0 Case Study: How it can work – Jerrys Plains and Coal Mining.

Drazen Drazic — Thu, 25 Feb 2010 11:46:46 +0000

In my day to day, I read blog after blog and most of the ones that I have bookmarked are all I need to keep up with the latest in IT Security news. I rarely now ever read an IT news site unless it’s linked from a blog I read (or to be fair…..Twitter). This Web 2.0 business has substance. I hate the term but love the delivery. (FFS most IT news sites are not worth it anymore (not that many were before), when the bloggers and twitters provide the news quicker!). Anyway, back to the off topic:

The Protect Jerrys Plains blog is one of the best examples of Web 2.0 in action I have come across. Yes, it is run by a friend, Big Galoot, Craig Chapman, and yes, probably the only reason I know about it. But, it’s a gem!

I highly recommend the read. There’s not many entries but if you want to see Australia’s version of Erin Brockovich in action, this is it. It is a soap opera of big business and NSW government games at their best. Read how some make millions from nothing and how a community is spun on the concept of “supporting” individuals and big business making squillions. It reads like a daytime drama, but it is what a community and NSW taxpayers are copping while at the same time being convinced they’re getting something! It’s still going on…..keep reading….logic tells you that someone will someday soon get into trouble!

Web 2.0 – If the Jerrys Plains community did not have this, you have to wonder where they may be?! It still may end bad but at least there will be a record of how it got there and one day, someone may decide to make the players accountable. Go Big Galoot!

Symantec Customers Immune to Rising Security Threats! (Late Update: Maybe Not!)

Drazen Drazic — Mon, 22 Feb 2010 23:10:26 +0000

Symantec Press Release 22 February, 2010: Symantec 2010 State of Enterprise Security Study……

(Time to pump out another piece of marketing to get people thinking about buying Symantec. Here’s the report if you are interested in wasting a few minutes).

Just reading this now…….wooo…..hang on……what I don’t see anywhere in this report is a proud statement that Symantec customers are the lucky few that are safe from malicious attacks that other businesses are facing.

Why is this not in there Symantec? Surely you should be beating your own drums given you so proudly told us all some time ago that your product(s), and I quote; will provide “…proactive protection against unknown and zero-day threats”. It’s the Symantec Guarantee!

As such, surely Symantec customers do not have the same concerns as those poor businesses you mention in your study. Let us know if this was just an error on your part, or Symantec just not wanting to show off here because, surely you would not use bullshit marketing in the past?!

Door to Door Spam Chaser Style

Drazen Drazic — Sun, 21 Feb 2010 08:35:56 +0000

Classic Chaser work: