by John

I am posting the slides from my Cloud Computing talk today as a slide show that you can view. If you want my full deck, just email me or tweet with your version of PowerPoint or format choice.

I finished up the slides and added the Larry Ellison audio last night at midnight, so I got to bed after 1am and then got about three hours of sleep before driving the 3 hours to Springfield (IL). This was for the Infragard conference on data protection (see below). We had about 160 people turn out, from all industry sectors, including police, federal, agriculture, banking, schools and colleges… Our keynote speaker was excellent (John Bace, of Gartner). We wrapped up around 4pm and I just got back from the return drive. I’m heading off for a nap, and may comment more later. For now, my eyes are bugging out from writing these slides up in one marathon session yesterday. I thought my talk went well, and I hope you find the slides somewhat useful.

Posted in Blog

by John

Please think about attending the FBI Infragard Conference next week in Springfield, Illinois! The cost is ONLY $30 per person, and includes food throughout the day and a nice lunch. This is a great opportunity to hear some excellent security speakers and topical information that is current and helps you in your job.

The Cyber Defense and Recovery Conference:
“Keeping Secrets Safe: Protecting Your Data”

by John

From the QCESC Awards Banquet on Friday. I am receiving the Sr. Scientist of the Year award from Pat Barnes, QCESC President. (2/20/2009)


by John

If you want to protect your sensitive data, and it’s exposed to the Internet, you have to choose between multi-factor authentication (MFA) and a basic password. On your internal network you may have additional safeguards in place to keep the bad guys out, but when you have data exposed to the Internet, it should be protected. This means you protect it with tools like encryption when it is at rest and in transit, and you strongly authenticate users when they access it. You really only want people who are authorized to be able to log on and see that stuff.

Single-factor authentication would include using a password or PIN to log onto a web application, or your Windows domain when you get to work in the morning, for example. For many users this is quite adequate. If someone steals your password and the worst they can do is screw up your data or see your email and this doesn’t put your company at risk, then your company may do fine with a simple “90-day” policy for changing your password. Two-factor authentication would add another requirement in addition to your password or PIN (something you know), such as a piece of hardware (something you have: a key fob or card) or a biometric (something you are: a fingerprint or iris scan). Traditionally, two-factor authentication is implemented by having both basic logon credentials (username/password) and a hardware token that generates a unique code every 60 seconds and is somehow synchronized with a server on the other end. These two layers of security are then much more effective at allowing only the people you want to connect.


by John

It seems my old boss found a bit of notoriety while visiting the Quad Cities this past week. [Article Link]

Jeff Botkin was the manager who hired me at John Deere ten years ago. He moved to Denver about a year later, and went to work as a security manager at AT&T. He stopped by to visit us at the office, and we had a few beers during his trip to visit family in the area a week ago. On his way home, he decided to take two 8-ounce jars of the world-famous Boetje’s Mustard in his carry-on luggage. TSA screeners quickly sequestered him, and confiscated this “dangerous contraband”. I suppose it only makes sense, when you consider how dangerous mustard can be. If he perhaps found a way to get the mustard through the steel-reinforced door protecting the cockpit, and into the eyes of the pilot and co-pilot, they may have been very irritated and this may have led to the luggage shifting in-flight.


by John

Tonight is the 47th Annual QCESC Engineers Week Banquet (http://www.qcesc.org/banquet.htm) being held in conjunction with the Henry Farnum Dinner this year. We should have a couple hundred attendees for a talk on the completion of lock and dam 15 at Rock Island, on the Mississippi River. In addition, the Quad Cities Engineering and Science Council will be presenting Jr./Sr. Scientist and Engineer of the Year awards, a Lifetime Achievement award and student scholarships. QCESC is composed of a number of area engineering and science organizations, including the IEEE section that I was chair of last year.

If you decide to come at the last minute, we should have a couple extra places saved, and there may be snow tonight which will lead to some no-shows. Please DO COME if you have an interest. It will be a wonderful presentation, and the banquet is served by the Radisson in downtown Davenport. An excellent event, for only $40.


by John

Is it common for security professionals to have their (corporate) day job, and teach/write/speak in their spare time? I have my teaching schedule pretty well laid out for 2009. I will be teaching astronomy (16-week, 4 credit) in the Spring and Fall semesters for Scott Community College, and shorter Summer semester courses for SCC and St. Ambrose. The St. Ambrose course is 8 nights over 8 weeks, starting at the beginning of May, for 3 credits.

In addition, I am in discussions with a company in India to design two graduate security courses for an online university. The titles are “Information Security Challenges and Solutions (3 sem. cr.)” and “Information Security Governance (3 sem. cr.)”. If the timeline and price are agreeable, I may start on those yet this month.
