Another year has come and gone.
I went back to Shmoocon, and then I went to FETC for the first time. Both interesting in their own way, both informative. Depending on your specific working environment, both are worth a look.
The experience of going from the world of deep security to the world of Educational Technology did drive home the need to better communicate. Specifically, the security world is doing a terrible job of explaining why security basics are important to schools. I heard any number of vendors on the show floor talk about their security tools, and even some workshop sessions talk about what to defend against. None of them talked about what it means to defend a network, what should be taught to teachers AND students, what should be prioritized.... What needs to be done BEFORE you buy the blinky-box or the pen-test service. No one said "learn your network, learn your inventory, close the obvious holes, learn what's normal and look for anomalies."
I am not going to rant (much) on this subject. Instead, I will try (again) to put basic starter activities down on paper (blog) and see if it helps anyone.
Plus a quick review of my favorite Shmoocon and FETC talks.
Stay tuned....
