The Converging Network

We have another network security blog in the house. Not too far on the heals of Secure64 CEO, Steve Goodbarn, two of his technical guys have decided to join the ranks of the network security bloggers. The blog, www.Paths2Trust.com, is co-authored by Joe Gersch and Bill Worley. Joe, the head of development for Secure64, has taken the lead and started putting up some blog posts while Bill’s been heads-down cranking out DNSSEC product code.

The primary topic of their blog is DNSSEC. Both are active in secure DNS product development and I expect they’all also share some of their experiences with the standards bodies, DNSSEC adoption, and implementing DNSSEC. Both Joe and Bill have the career chops to talk tech and I’m sure we’ll enjoy hearing what they have to say not only about DNSSEC but also their past experiences in networking, RISC computing platforms (in which Bill is an industry pioneer) and other topics of interest.

I enjoy working with all of these guys as part of my Converging Network LLC business. It’s a real pleasure to see them joining the security blogging community. Take a moment to welcome them by checking out both www.paths2trust.com and www.stevegoodbarn.com. You can also check out Steve on his recent SSAATY podcast appearance.

Fast on the heals of our podcast with Steve Goodbarn of DNSSEC vendor Secure64, Alan and I whipped up an interview with Mike Rothman to talk shop about security and his goings on at his new company, eIQ Networks. Honestly, I thought Mike had sworn off working for another product company and would never had guessed he’d join someone from the SIM space, so you can imagine I was pretty to surprised to hear Mike found a new home at eIQ Networks. That says a lot about what he thinks about the prospects for eIQ and the kind of team he’s joining. Mike’s been a good friend to me, and many in the security world, and I definitely wish him all the best in his new role at this new company.

Just in case you are wondering, Mike is going to continue blogging at Security Incite and is also launching a corporate blog and podcast at eIQ Networks. Since social media for product companies is something I specialize in myself, I'm interested to see where Mike will take the corporate blogging efforts. BTW, if you'd like to learn more about the social media strategy and product innovation services of Converging Network LLC, please contact me directly.

Check out the podcast here. Enjoy the podcast and email us with any comments, ideas or suggestions. Blessings!

Our guest on SSAATY podcast #61 is Steve Goodbarn, former Janus Funds CFO and now CEO of Secure64, maker of highly scalable and deployable DNSSEC products. DNSSEC has been in the news a lot lately, (Network World seems to be the place where it's covered most), largely because of Dan Kaminsky's talk this summer at Black Hat 2008 in Las Vegas. Now you frequently see articles and blog posts explaining how cache poisoning exploits can be used to hijack not just individual servers but entire domains, right up the path to .com, and . root.

Fortunately solving DNS security isn't as ginormous as stopping global warming but to truly secure DNS then DSNSEC would need to be fully deployed throughout the Internet and will happen in steps over time (as discussed in this blog post.) That's where Steve and the other experts at Secure64 come in. They've developed technology that can both handle the high speed demands of very large DSN infrastructure (and small) and makes DNSSEC much easier to deploy. Both of these challenges are obsticles DNSSEC has faced until now. Secure64 is not only a client on Converging Network LLC (my company) but also someone who I think will be a winner in the new era of domain sercurity services.

In the podcast Steve gives Alan and me his take on the DNS security issues and how Secure64 tackles these problems for their customers. Steve and some of the technical leaders are getting into blogging, with a little prodding and assistance from yours truly. Steve's blog is at www.stevegoodbarn.com. Secure64's CTO, Bill Worley, and VP of engineer, Joe Gersch (read more about them both here) also have their own blog at www.paths2trust.com.

If you'd like to learn more about the social media strategy and product innovation services of Converging Network LLC, please contact me directly.

Check out the podcast here. Enjoy the podcast and email us with any comments, ideas or suggestions. Blessings!

Alan and I are getting back into the swing of doing podcasts regularly again. I guess since we don't work together every day any longer, this is a way we maintain our industry connection along with our personal friendship. Alan's ying and I'm yang. He's "click" and I'm "clack". (An NPR Car Talk radio show reference.) He's a former New York lawyer, I'm Nebraska small town guy. He's loud and opinionated, I'm quiet and informed (lol). We once had a COO candidate interviewing with our company who first interviewed with Alan and then talked with me. After we both got a better understanding of each other, she said "You and Alan must really hate each other. I'll bet you go at it all the time. You're both so different." She was pretty shocked when I told her we actually were really close friends and have a great time working together. I really enjoy Alan's friendship.

When time came to do our podcast again, Alan called me and said "Lets do one. Got any guests?" I'm working on getting a couple of guests lined up but I didn't have anybody ready yet. So he said, "Lets check on Twitter." Trolling for guests on Twitter -- how funny, I thought by hey why not. Literally seconds later, Mike Murray responded saying he'd join us. Mike had just turned on his cell phone and see our Twitter message while his plan was headed to the gate. So the sound is a bit rough (Mike was in an airport) but having him on the show was well worth it. On this episode we talk with Mike about why signature-based security product do and don't still matter, how IT spending less will impact security, and experiences working with security professionals who don't seemingly have as much security training. Of course a good bit of our discussion centers around the US economy, or lack of one depending whether you believe we've hit bottom or there's a ways yet to go.

Check out the podcast here. Enjoy the podcast and email us with any comments, ideas or suggestions. Blessings!

This week Bill Brenner, senior editor at CSO Online, joins Alan and me to discuss the impact the financial crisis will have on security in enterprises, small businesses and the security industry itself. We're likely to see a lot more federal regulations and this could actually be good for network security (see my Network World blog post about recessions, transparency and network security.) The interview is also a good insight into the world of a media writer/editor, as Bill shares why he move from reporting on the everyday security news to his new position where he gives his own insights and comments into what's happening.

Alan and I also talk about a host of items including the every evolving M&A activity in the security industry, Apple's wonderful blackbox "we know better" iPhone (which wiped out all of Alan's music during a recent upgrade), and "green IT" press releases by Mirage Networks and others.

Enjoy the podcast. If you are interested in sponsoring the podcast, feel free to contact us.

It's that time again and we really have a "big show" for you with episode 57 of the SSAATY Podcast. Industry veteran and luminary Tom Noonan joins Alan and me. Unless you are new to security, you know that Tom was the co-founder of Internet Security Systems (ISS) which was sold and is now part of IBM. Through ISS, Tom helped make intrusion detection, vulnerability management, unified threat management, and security research (through the X-Force team) commonplace within the security industry.

Tom's now retired from IBM following ISS's integration into the company and is now on the advisory board of Rohati. Rohati provides Network-Based Entitlement Control (NBEC), offering the Rohati TNS 100, 500 and Central Management System products. Tom's excitement about Rohati and the Rohati team is clear and you can tell he's enjoying his advisory role with the company.

During the podcast, we reflect on Tom's early experiences with ISS and how that has shaped and relates to today's security industry. Tom's view is that it's still early in the life of the security industry and there's ample opportunity for new companies and technologies to emerge and make an impact.

Whether you are a security newbie or veteran, you'll find the interview with Tom informative and inspiring, so join Alan and me in welcoming Tom to episode 57 of the podcast.

As a wrap up, Alan and I talk about some of the acquisition rumors, including Citrix being in play with Microsoft, Cisco and IBM, and Juniper is looking at Aruba and Meru Networks. Alan also applies some smackdown on Mirage Networks for making such a big deal about running their NAC product as a virtual software appliance. Alan also surprises us with his less than enthusiastic experience with his iPhone 3G, and surprisingly is ready to bring back his Microsoft Windows Mobile 6 phone in place of the iPhone. I'm glad Alan's finally seen the light and sees Apple for what it is, a closed hardware and closed software company that's more about cool fads and cultish followings than easy to use, functional, customer centered products. Since recording the podcast, Apple's now taken to banning competitive products from App Store too! Looks like Alan isn't the only one with iPhone buyer's remorse.

Remember to send us your comments and questions to podcast@stillsecure.com. You can also subscribe to the podcast via iTunes or at http://ashimmy.podomatic.com.

The latest installment of the SSAATY podcast is up and available. Michael Montecillo, a security practitioner and analyst with Enterprise Management Associates, stops by to join Alan and me on the podcast. After tricking Michael into a setup Brazilian Jujitsu match with Chris Hoff, we turn our attention to more serious matters; the roll of analysts in the network security industry. The discussion covers the influence analysts have on a vendor's fate, how much vendors can influence analysts and their coverage, and just how reliable predictions are by analysts. We have a good bit of fun and I know you'll enjoy the podcast.

The podcast was recorded in the Medioh studios in Boulder, Colorado, by Medioh CEO Scott Converse. Special thanks to Scott for hosting us one again and acting as our podcast sound engineer.

We have a new URL for the podcat, http://www.ssaatypodcast.com if you'd like to subscribe to the RSS feed or listen to other episodes.

Enjoy the podcast!

I like to talk about innovate products and Xobni, the plugin for Outlook, definitely fits the bill. I blogged about Xobni on my NWW blog back in February and as you can tell from that post, I was and still am excited about Xobni. Unlike most things that get installed on my computer only to be removed a few days or weeks later, the "coolness" of Xobni hasn't worn off. More importantly the usefulness of Xobni causes me to have it stick around and take up real estate in my Outlook window. But Xobni isn't perfect, either. I see some real challenges to be able to truly gain the benefits it could bring to email, but we'll talk about that in a moment.

Here's a video tour of Xobni. Also check out my podcast interview with Matt Brezina, co-founder of Xobni. I'm starting to do more product reviews and strategy work as part of my Converging Network business, which is a pleasure since I enjoy working with and assessing new products and trends anyway.

(Contact me if you are interested in finding out more about my Converging Network product strategy services.)

Xobni - The Movie

Xobni - Email's New Connection To People

Now that Xonbi integrates with LinkedIn, I find that I use it a lot more. It's actually the little features I Xobni I like most. Showing someone's portrait loaded up on LinkedIn when I click on their email makes the connection to that person even more real. It makes email just a little more personal. And, if I don't know them well, it's easy to go learn about the person from their LinkedIn profile. (You have a LinkedIn profile with a picture uploaded don't you? Here's mine. Lets connect!)

One of the most useful things about Xobni is knowing the email habits of the people I converse and work with regularly. The little bar chart showing the distribution time of emails received from them throughout the day lets me know when they are more likely to read the emails I send, or take my call. This could also be invaluable to a sales person looking to reach clients, though I'm not sure people these days answer phone calls from people they don't know. (Sales people tell me virtually no one answers their business phone much any more.)

Xobni - Changing How You Use Email

It's rare for me to keep a gadget or plugin around for long. Their installed half-life is usually about 2 days, or no more than two weeks on my computers. So you know Xobni must be delivering something of value, especially given the screen real estate it takes in Outlook.

Changing how you use email is a double-edged sword, as I'll talk more about in a moment. I find the attachments ("Files Exchanged") section of the Xobni plug-in one if it's most useful functional features. It can prevent a lot of searching for the right email with the right attachment, and you can dig in deeper if you want to see the email or email thread the attachment was a part of.

I haven't found that I use the "XYZ's Network" section (where it shows you other people who have been in conversations with you and this person) as much as I thought I would. It's a great idea, but I just haven't added that capability into my email use thought patterns for some reason. The "Email Conversations" thread is also something that I don't use much, mostly because I don't find the way the threads are presented as being that useful. I'll say some more about this down below.

Xobni - Kudos For Being A Well Behaved Outlook Plugin

My first rule of all plugin is "be useful". I really don't need an Adobe Acrobat plugin for Outlook or PowerPoint. Is use the print driver to create pdf files. Same for screen captures. That's why I have SnagIt. So, unless there's a really good reason why this plugin is needed, don't create them in the first place, and certainly don't install them by default. Xobni definitely meets the "be useful" criteria.

The second rule is "don't create other problems". How many times does your Outlook crash because of some funky plugin or software incompatibly. It seems virtually guaranteed that if any other software other than Outlook touches your pst and ost files, you're doomed for the dreaded "Not Responding" message. I have to say that I've had relatively few problems with Xobni and Outlook. Not that its never happened, as I have encountered a few situations where Xobni had the files open that Outlook needs in order to start properly. But the problems and crashes have been very, very few.

Kudos to the Xobni team for figuring out how to do this. They should bottle up whatever they are doing and help all the other software guys figure out how to do the same.

Xobni - The Challenge Of Getting The Benefits

Xobni has two big challenges in my view. First, all of Xobni's capabilities are constrained by being in an Outlook sidebar plugin. There's limited screen real estate, and it's mostly vertical. Networks of people (lists), conversations (lists), viewing email threads, all have to be viewed in this small area and it does detract from its usability and usefulness. Because of this, I don't use the email threads feature much at all, and the relatively static content (time distribution bar graph, email stats, portrait and contact info) are the things I look at and use most. It's a tough row to hoe being in a sidebar and Xobni would be much more useful if it was integrated into the email client itself. Tell me again why Microsoft hasn't gobbled up Xobni by now? Hmm.

Xobni also implies multiple user behavior changes to access its benefits. We use email clients so frequently everyday, all through the day, that the use case habits we've formed with Outlook are hard very to break. Instead of sorting back and forth between sender and sent date in order to locate what I'm looking for, you have to break that habit and look in the Xobni sidebar for what you might hunting to find. You have to remember "oh, there's another way to find the last version of that attachment sent to Bob", and go over and use Xobni to do that. On the flip side, being an Outlook sidebar plugin is an advantage over being a separate application from Outlook all together.

Breaking patterns and habit changes are something every product faces to varying degrees, but email's so heavily used that those habits are more difficult to break.

Xobni - Conclusion: Download It. You'll Use It.

Download Xobni. I think that title pretty much sums it up.

Welcome to podcast #55. This week Alan and I are joined by security practitioner Jenifer Jabbusch (JJ) who also blogs at Security Uncorked.

Jennifer took a real liking to 802.1X early on, became a believer, and now regularly implements 802.1X for her customers, which course has expanded into NAC as well. It was great to have her on the show so we could talk to someone who does this work regularly, rather than Alan and I who simply create the products and like to blab about implementing it.

During the podcast we talk 802.1X, NAC, the analyst's views on NAC (JJ has some pretty blunt thoughts on this one), and a company called Rohati.

Alan and Richard Steinnon have been going at each other recently about Rohati. Just looks to me like Stiennon is back to his two favorite hobbies; ranking on NAC (because he's still smarting about that Gartner IPS doomsday prediction), and finding any opportunity to poke Shimel in the eye with a stick. I'm amazed at how little true innovation there seems to be in the security industry these days and I have my doubts about Rohati being more than a fancy "layer 7" inline proxy-like device. Looks like another group of Cisco ejects creating a product four years ahead of Cisco's plans so they can sell the company back to Cisco! It's worked in the past so why not do it again. Rohati's not something I think's going to take the world by store, but hey, that's why we have blogs and podcasts so we can debate this stuff.

And as usual, Alan and I are up to our crazy antics on the podcast. Thanks to JJ for putting up with it too. Enjoy the podcast and please drop us any suggestions or questions at podcast@stillsecure.com.

mp3 file

I know that not everyone who reads blogs also likes to listen to podcasts, and visa versa. So I decided to try something different and see how readers and listeners like it. I call it a "micro-podcast". (Let me know if you think of a better name.)

Last week while at the SaaS Summit conference in San Francisco, I interviewed Michael van Dijken, head of marketing Microsoft's efforts to support the hosting and SaaS software market segments. I posted the interview with Microsoft's van Dijken up on my Network World Converging On Microsoft blog using this new format. The interview was recorded with my micro-recorder podcast unit.

What I've done is break up the interview recording into snippets, or micro-podcasts, wrapped in blog narrative with my lead in and comments for each portions of the interview. The idea is just to listen to the parts of the recording you want to hear, rather than listen through the entire recording just to get to the topic you're interested in. And, if you wish to hear the full, unedited interview recording, just go to the bottom of the blog post and listen to the full interview instead of the broken up segments.

If you have a moment to check it out, please do so and let me know your feedback about this idea. Do you like it? Is it easier to read and listen to? Does that format work for you? What suggestions do you have for improving it?

Let me know your thoughts. Thanks.