Saturday, November 3, 2018

Cell Phone Etiquette

Your cell phone should not be treated as priority one in your life. If you prioritize this device, this machine, this piece of equipment over direct human interaction, then you have behavioral issues. This thing, this device, composed of metals, plastics, and glass, must not, cannot, and should not be used to replace, substitute, or supplant face-to-face interactions with human beings.

I have created a few suggestions to help you avoid being a rude bastard to your fellow mankind, which I call Cell Phone Etiquette.

Some of you may think that I am wrong or crazy, but I say that manners matter in this world. These NOTs are suggestions that will help us all avoid these infractions of common human decency. Should you decide to disregard these suggestions, you, fellow human, are a RUDE Bastard!
  1. It is NOT OK to touch or even look at your phone during an interview, just turn it off before the interview.
  2. It is NOT OK to talk on your cell phone while seated at a table for a meal with others; just excuse yourself and take the call away from the table, preferably out of the establishment.
  3. It is NOT OK to carry on a long conversation on your phone while seated in a car next to another human being. It's OK to take the call, but keep it short and remember to excuse yourself before and apologize after your call.
  4. It is NOT OK to talk on your phone in an overtly loud manner while on public transportation. Keep your voice down, no one cares about your conversation.
  5. It is NOT OK to read and send emails during a meeting.
  6. It is NOT OK to interrupt a face-to-face conversation for an incoming call. If it's someone or something that you think may be important, excuse yourself and keep the call short. Apologize when you rejoin the face-to-face.
  7. It is NOT OK to use your speakerphone while in close proximity to others that are NOT part of your phone conversation.
  8. It is NOT OK for your phone to ring during meetings, in a movie theater, at a funeral or during a wedding. Always set your phone to vibrate for these types of events. There are automated apps that can set your phone to vibrate automatically when a scheduled meeting is in progress.
  9. It is NEVER OK to text, play with or talk on your phone during meetings.


Monday, March 5, 2018

Tech Recruiters Take Note: Simple Suggestions from a Simple Dude

Do's & Don'ts for Technical Recruiters
  1. Don't make significant changes to my resume, ever.
  2. If you can't speak clear and concise English, don't call me; use email.
  3. Don't ever text me unless I request that you do so; this goes for ALL companies!
  4. Don't request that I perform significant changes to my resume.
  5. Don't contact me unless you understand my experience.
  6. Do not send me positions that I am highly over- or under-qualified for.
  7. Don't send me jobs that require a clearance which I do not have.
  8. Should I have a clearance, don't send me positions that do not require a clearance.
  9. I don't want to meet you face to face prior to you submitting my resume to a customer.
  10. Don't send me jobs that require relocation unless there are relocation expenses included in the job offering.
  11. Don't send me jobs that require relocation if my profile says that I am unable to relocate.
  12. If you can't read my resume or understand my resume then don't submit my resume to your client.
  13. Do get a fresh resume from me for every new opportunity, AND destroy any old versions of my resume, please!
  14. Please read my resume before contacting me!!!

Wednesday, January 2, 2013

Continuous Monitoring: Holy Grail to FISMA Compliance – or Not?

Is Continuous Monitoring the Holy Grail of FISMA compliance? Maybe, maybe not; does it really matter? Let’s leave out the debate over whether or not the new FISMA regulations actually provide any real security. The reality is that we, as government employees or contractors, must fulfill our compliance obligations. Those of us who want to provide real security in our environments should not only abide by all compliance mandates, but also implement security standards and practices that truly improve security within our appointed domains.

With the varying types and levels of threats, the exponential growth in the number of attempted attacks and the possibility that some threats are state sponsored, federal government security professionals who are responsible for the nation’s information must do everything possible to minimize the attack surface presented to our adversaries. The days when security was provided by a firewall and an antivirus product are long gone.

We must utilize a Defense-in-Depth strategy to minimize our vulnerabilities. Defense-in-Depth relies on layers of defensive technologies joined together into a mesh. Properly designed and implemented, Defense-in-Depth strategies can provide a high level of fortification for our enterprises. These layers have typically been composed of products such as firewalls, DMZs, intrusion prevention systems, encryption technologies, VPNs and antivirus products. Even so, complete protection remains out of reach, and our endpoints have been a particular problem for security professionals. For years, protection for our endpoints has been based on the blacklisting used in antivirus products. We all know that blacklist-based antivirus products have their shortcomings. Application whitelisting products not only overcome the shortcomings of antivirus products, but add functionality that most antivirus products do not or cannot perform.

“Lockdown” application whitelisting is a technology that has been around for many years and has been successfully deployed in narrowly focused, controlled environments such as SCADA systems and fixed-function devices. Advanced Threat Protection, which encompasses application whitelisting as well as memory protection and trusted change mechanisms, has matured to the point where it is being deployed and successfully maintained in large enterprises, including the Federal Government.

Many of the new threat vectors take advantage of vulnerabilities that other portions of the Defense-in-Depth stack cannot defend against. As security professionals, we have seen many breaches over the last 16 months that have one thing in common: a user on an endpoint within the organization or its ecosystem (like a defense contractor). People make mistakes, and we have to protect them (and our organization) as best we can.

Social engineering techniques make it easy to get a person to make a mistake and set off a malware attack; it happens every day. Once an attack has started, the perpetrator wants to have some form of payload (malicious code) loaded onto the user’s machine or to leverage that machine against other systems inside the network. IDS and antivirus providers do a decent job of stopping this threat as long as they have seen it in the past and have developed hash values for the known malware. What these providers cannot stop are zero-day threats (never-before-seen malware) and memory-based attacks. A memory-based attack happens when malware is loaded into the memory space of an already running program and executed from there. These memory attacks (e.g., DLL injection, reflective injection) are very hard, sometimes nearly impossible, to detect. It is imperative that any application control, application whitelisting or malware detection product you are considering have the full ability to stop and report on any and all in-memory attacks. A few vendors claim to have memory protection, but very few are able to do the job completely and correctly. Before you buy any of these products, make sure you do a full set of penetration tests against them to assure you are getting what they are trying to sell you.
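To make the blacklist-versus-whitelist distinction above concrete, here is an added Python model (not from the original post or any vendor) of an AV-style hash denylist beside a default-deny application allowlist with a simple trusted-change mechanism and SOC event reporting. The sample binaries, hashes and the "corp-updater" publisher name are constructed for the illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample "binaries" (a real agent would hash files on disk).
SAMPLES = {
    "editor.exe": b"trusted editor build 1.0",
    "known_malware.exe": b"payload the AV vendor has already signatured",
    "zero_day.exe": b"never-before-seen dropper",
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class Blacklist:  # AV-style denylist: blocks only hashes already known to be bad
    bad_hashes: set
    def decide(self, data: bytes) -> str:
        return "deny" if sha256(data) in self.bad_hashes else "allow"

@dataclass
class Allowlist:
    """Lockdown whitelisting: default-deny; trusted_publishers is a trusted-change
    mechanism letting an approved updater add new builds without manual review."""
    good_hashes: set
    trusted_publishers: set = field(default_factory=set)
    events: list = field(default_factory=list)  # denials forwarded to SOC reporting
    def decide(self, name: str, data: bytes) -> str:
        h = sha256(data)
        if h in self.good_hashes:
            return "allow"
        self.events.append({"control": "AC/AW", "file": name, "sha256": h, "action": "deny"})
        return "deny"
    def trusted_change(self, publisher: str, data: bytes) -> bool:
        if publisher not in self.trusted_publishers:
            return False
        self.good_hashes.add(sha256(data))
        return True

def compare_policies() -> dict:
    # Run every sample through both policies; only the allowlist stops the zero-day.
    bl = Blacklist({sha256(SAMPLES["known_malware.exe"])})
    al = Allowlist({sha256(SAMPLES["editor.exe"])})
    return {n: {"blacklist": bl.decide(d), "allowlist": al.decide(n, d)} for n, d in SAMPLES.items()}

def trusted_change_demo() -> tuple:
    # A new editor build is denied until the approved updater vouches for it.
    al = Allowlist({sha256(SAMPLES["editor.exe"])}, trusted_publishers={"corp-updater"})
    new_build = b"trusted editor build 1.1"
    before = al.decide("editor.exe", new_build)               # deny, and one SOC event
    rogue = al.trusted_change("unknown-publisher", new_build)  # False: publisher not trusted
    al.trusted_change("corp-updater", new_build)
    return before, rogue, al.decide("editor.exe", new_build), len(al.events)
```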

We security professionals must combine our tools and techniques into a successful formula in order to provide security for our enterprise and compliance with the regulations.

My Formula for Continuous Monitoring and Control.

(FW + DMZ + HIPS/NIPS + Crypto + VPN + AV + AC/AW) * SOC/NOC/Reporting
Event Mitigation

The first part of the formula, (FW + DMZ + HIPS/NIPS + Crypto + VPN + AV + AC/AW), is your Defense-in-Depth mesh, woven together in part or in whole by your security team.

The second part of the formula, * SOC/NOC/Reporting, is the daily monitoring of events that occur within each and every security product in your domain; hopefully, these are correlated into some manageable form via a SOC, NOC or reporting mechanism.

STOP!!!

For us to be compliant with the Continuous Monitoring regulations in FISMA, we are done, right? Well, yes, you can stop here and be compliant under the mandates, but have you accomplished real security in your domain, or are you just filling out paperwork? If you stop here, you are doing yourself and this nation a disservice. The gist of the FISMA requirements is that agencies must do monthly reporting of inventory assets, as well as continuous monitoring and reporting of security controls. The key here is that the regulations mention security controls and do not mention security threats. This is where we must go above and beyond the letter of the law to truly perform our duties. So, please, by all means, do the paperwork and follow the regulations, but don’t stop there.

GO…

The final part of the formula, Event Mitigation, is where the rubber meets the road: where you take action and move toward fixing the issues that have been uncovered. Without mitigation of the issues, you have not achieved real security. Vindicate yourself, your team and your organization.

Grab the Grail…