Difference between revisions of "Episode184"

From Security Weekly Wiki
Jump to navigationJump to search
Line 35: Line 35:
 
#Please expound on the governance component of Methodvue's mission statement "Methodvue is a private intelligence organization specializing in the discovery and deterrence of complex threats to people, commerce, and governance." The tech side is great at protecting the tech... but we (as an industry in general) are really awful at the "non tech" portion of security.  What are some of the bigger gaps and how can we address them?
 
#Please expound on the governance component of Methodvue's mission statement "Methodvue is a private intelligence organization specializing in the discovery and deterrence of complex threats to people, commerce, and governance." The tech side is great at protecting the tech... but we (as an industry in general) are really awful at the "non tech" portion of security.  What are some of the bigger gaps and how can we address them?
 
#What experiments did you perform on NASA's "Vomit Comet"?
 
#What experiments did you perform on NASA's "Vomit Comet"?
 +
#Yesterday, you [http://blogs.govinfosecurity.com/posts.php?postID=421 published an article] on dealing with China in the post-Aurora world.  What are your thoughts on what happened to Google?
  
 
= Can Chris Nickerson handle a 2 fer? =
 
= Can Chris Nickerson handle a 2 fer? =

Revision as of 14:58, 21 January 2010


Sponsors

  • Tenable Network Security - This episode sponsored by Tenable network security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the worlds best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Nessus Professional Feed to detect vulnerabilities in your network today! Tenable – Unified Security Monitoring!
  • Core Security - This episode is also sponsored by Core Security Technologies, helping you penetrate your network. Now version 10.0 with WiFi-fu good to go! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the worlds best penetration testing tool.
  • Trustwave Spiderlabs - Trustwave's SpiderLabs - providing advanced information security services to planet Earth. Visit them online at trustwave.com/spiderlabs!

Shameless Plugs & General Announcements

PaulDotCom Security Weekly - Episode 184 - For Thursday January 20th, 2010

  • Defensive Intuition - We are also sponsored by Defensive Intuition. Defensive Intuition is the provider of many security consulting services: penetration testing, physical assessments, and social engineering. Defensive Intuition: Owning your boxes, 7 ways to Sunday!
  • Shmoocon - This will be the next big conference that we will all be attending. We will have t-shirts and other special things to give away and sell. No, we are not selling the interns (who will both be there, btw). So come find us at the booth for all things PaulDotCom including free stickers, and PaulDotCom complete works DVDs!


Guest Interview: Eric Fiterman

Eric is a former Special Agent with the Federal Bureau of Investigation and founder of Methodvue. He brings his experience with the FBI in investigating and testifying in complex cases involving threats against the President of the United States, industrial espionage, acts of terrorism, electronic crimes, computer intrusions, and crimes against children.

Questions:

  1. How did you get your start in information security?
  2. What was your path in becoming a Special Agent?
  3. What's a typical agent's career/life like? Is it like "24"?
  4. If a sysadmin finds illegal pron on servers at work, what does the FBI recommend in terms of reporting the situation? Should the sysadmin handle their internal investigation and if so, how?
  5. What will you be presenting at Shmoocon?
  6. How do the other Virtualizations platforms compare when extracting forensic data vs. VMWare?
  7. How do you approach forensics investigations in the "Cloud"?
  8. What are your favorite forensics tools?
  9. Your approach at Methodvue seems to be quite different than most companies that operate in a similar space. Specifically, your "threat intelligence" model seems to be an approach that we at PaulDotCom have been yelling about for a long time. How's this being received by the business community?
  10. Your IR/Forensics approach appears to be more holistic than traditional offerings at other security providers. What are the things IR/Forensics pros need to do to "up" their game?
  11. Please expound on the governance component of Methodvue's mission statement "Methodvue is a private intelligence organization specializing in the discovery and deterrence of complex threats to people, commerce, and governance." The tech side is great at protecting the tech... but we (as an industry in general) are really awful at the "non tech" portion of security. What are some of the bigger gaps and how can we address them?
  12. What experiments did you perform on NASA's "Vomit Comet"?
  13. Yesterday, you published an article on dealing with China in the post-Aurora world. What are your thoughts on what happened to Google?

Can Chris Nickerson handle a 2 fer?

Stories For Discussion

Other Stories Of Interest