James "Jimmy" Blake is the Manager of Hewlett-Packard Enterprise Security's Security Intelligence & Operations Consulting (SIOC) Practice in EMEA.  HP's SIOC Practice helps enterprise customers build and maintain effective Security Operation Centres.

Prior to joining HP, Jimmy was Chief Information Security Officer for the UK's largest Software-as-a-Service vendor.  There he helped protect the data of millions of subscribers across three continents in a dozen data centres.  Jimmy has over two decades of Information Security and Business Continuity Management experience gained both in consultancy and working for leading security vendors.

Jimmy is a GIAC Certified Incident Handler (GCIH), a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM), a Certified ISO 27001 Lead Auditor, a Certified Ethical Hacker for EC Council (C|EH) and holds a Certificate in Cloud Computing Security Knowledge (CCSK) from the Cloud Security Alliance.  Jimmy is also one of the co-founders of the Security B-Sides London conference.

My interview about B-Sides London and the venue for 2012

Vote Wim Remes for ISC(2) Board

If you hold a CISSP certification please take the time to read Wim Remes' manifesto for change. I fully support his proposed changes, and I encourage everyone to vote for him in the elections that start today.

 

Vote for Wim on the ISC(2) site here;

 

For convenience I've enclosed details from Wim's site below:

 

"On August 19th I received the yearly e-mail from (ISC)2 where they informed me of their yearly board elections that will take place as from November 16th.

 

While I respect everyone currently slated for the ballot, I always cringe a little when I look back on yet another year where the divide between what I consider the infosec community of which I am a vocal participant and the institution ISC2 has become. I could spend another year on the sideline watching the gap grow bigger OR I can try and BE the change that A LOT of my online and real life friends are waiting for.

 

This is my official petition page to have my name added to the election ballot on November 16th.

 

If I’m to become a member of the (ISC)2 Board of Directors I will strive to do the following in the three years that I will be given the opportunity to be the change you are all looking for:

 

  • A closer collaboration with the information security community at large. This means recognition of what is currently considered to be an outlawish community but what I consider as a treasure trove of knowledge and capability that remains untapped. Either because we are afraid of what we don’t understand or because hackers are still suffering from a bad image. Not in my book!
  • A review of the certification requirements for the flagship (ISC)2 certification, the CISSP, in order to bring it back to the level it once was on. Ideally with the incorporation of more in-depth requirements on a technical level, requirements in soft skills and, possibly, the addition of a written paper requirement that would show the knowledge the candidate has acquired during the learning process. This last requirement would feed back into the community, becoming a valuable resource for security professionals globally.
  • I am from Europe. I still feel that many of the subjects covered by (ISC)2 and other organizations are focused on the US. My goal is to widen the efforts to a global approach that brings communities from different continents together instead of separating them further. While there is a difference in laws, culture, etc. across continents, I firmly believe that we have more in common and there needs to be a better collaboration in order to address the security challenges we have coming at us.
  • With my work on the Penetration Testing Execution Standard (PTES), Infosec Mentors, Brucon, Eurotrash Security Podcast and other global initiatives I want to encourage the members of (ISC)2 to become a part of the community that I consider so valuable.

About Me

 

This is not about me but apparently I need some kind of bio. I am Wim Remes (CISSP), working in IT for 14 years now and passionate about security for over 10 of those. I have not graduated from any posh university but who cares, right? I’m currently working for a Big4 company in Belgium as a Security Consultant. I will add extra information to my bid page as soon as possible.
In the meantime, please take the time to send me that e-mail and spread the link to this page as wide and as deep as possible. I need 500 signatures to my petition before September 19th. If you want passion on the (ISC)2 Board of Directors, you know what to do!"

ISSA CISO's Den

I attended the CISO's Den event today on HMS President on the River Thames, organised by the London Information Systems Security Association (ISSA) Chapter.

The event was excellent, despite me having the unique experience of being slightly seasick while watching vendor pitches (normally vendor presentations, on their own, make me feel sick). HMS President originally put to sea in 1917, way before air conditioning. Having 100s of CISOs in suits in a big tin box on a very hot day

The presentations were limited to 10 minutes, which really separated the men from the boys.

A couple of presentations stood out for me: Wave's impassioned plea for us to use the Trusted Platform Module functionality built into many of our systems - "it's there already, just try it"; and Sophos' very concise view of commoditisation of IT and productisation of malware. Other presentations included Web-application security, discovery of inappropriately shared documents, an MSSP and vulnerability assessment.

Splunk laid into the SIEM space saying relational databases and normalisation limit the usefulness. Not sure I agree that there is validity in a Log Management vs. SIEM argument, they are both needed but each performs a different function. It's all well and good saying dump everything in an unstructured repository, but normalisation and correlation are required to stop your SOC drowning under the sheer volume of events.

The Tripwire Sales Engineer's presentation was then quite bitchy about Splunk, quoting their relative positions on the Gartner quadrant and saying knowing that an event has happened is pointless without knowing what has changed (impact).

Ironically both Tripwire and Splunk were trying to prove credibility, not by the amount of enterprise customers they each have, but rather around the amount of commodity systems they're logging - car park barriers, ticket machines, etc.

Another classic line of the day was the MSSP saying "all our analysts are CISSP and GCIH certified, if you don't know what that means, it means they know what they're talking about" - this made me spit my drink out over my shirt.


Ubuntu 11.04 Natty Narwhal Released

Today sees the release of Ubuntu's latest version of their Linux distribution, 11.04 codenamed Natty Narwhal.  Until Canonical head honcho Mark Shuttleworth announced the codename of this release last August, I had been blissfully unaware of what a narwhal was; it seems it is a type of arctic whale.

I had used 11.04 in both Alpha 1, although 'use' in this context is a very loose term as it was an alpha release, and Beta 2.  Beta 2 only came out recently and didn't seem quite baked so I am curious as to how stable and finished the release is.

I don't normally drop new Ubuntu releases onto my production boxes as they normally break a lot of the security tools I use (the upcoming release of BackTrack 5 is based on Ubuntu 10.04, which is now a year old), so I'll be sticking with 10.10 for a while on those machines.  I have, however, got it running over a virtual machine on my main MacBook Pro and I am going to try and work out which tools will run on it and which won't.

What I am really looking forward to is BackTrack 5 whose release is only a couple of weeks away.  They will now be supporting both 32-bit and 64-bit and have changed the menu layout to follow the testing methodologies of OSSTMM and PTES.

Ubuntu 11.04 can be downloaded from the Ubuntu Downloads Page.

IT Security Vendor Presentations for Dummies

I found this highly amusing tongue-in-cheek look at IT security vendors' presentations: