Security/NAC/Identity Theft

December 31, 2008

Blog shout out: www.Paths2Trust.com

We have another network security blog in the house. Not too far on the heels of Secure64 CEO, Steve Goodbarn, two of his technical guys have decided to join the ranks of the network security bloggers. The blog, www.Paths2Trust.com, is co-authored by Joe Gersch and Bill Worley. Joe, the head of development for Secure64, has taken the lead and started putting up some blog posts while Bill’s been heads-down cranking out DNSSEC product code.

The primary topic of their blog is DNSSEC. Both are active in secure DNS product development and I expect they’ll also share some of their experiences with the standards bodies, DNSSEC adoption, and implementing DNSSEC. Both Joe and Bill have the career chops to talk tech and I’m sure we’ll enjoy hearing what they have to say not only about DNSSEC but also their past experiences in networking, RISC computing platforms (in which Bill is an industry pioneer) and other topics of interest.

I enjoy working with all of these guys as part of my Converging Network LLC business. It’s a real pleasure to see them joining the security blogging community. Take a moment to welcome them by checking out both www.paths2trust.com and www.stevegoodbarn.com. You can also check out Steve on his recent SSAATY podcast appearance.

December 01, 2008

Blog shoutout - Steve Goodbarn

It's always satisfying when someone takes your advice and as a result I'm happy to welcome a new blogger who's decided to join us. The new blogger on the block is Steve Goodbarn, CEO of DNSSEC vendor Secure64. Steve's a client of my business, Converging Network LLC, and we've been talking about doing a blog with two of his other "more technical" executives. But after spending time with Steve it was really clear he has a unique perspective and a great deal of wisdom to share with us. Steve comes from a background as CFO of Janus Funds, so he really understands how businesses (and CFOs in particular) evaluate, assess and justify risks and mitigating costs around security purchases. Plus he's a genuinely nice guy which I'm sure others will discover as they read his blog and meet Steve at various industry events and security blogger get-togethers.

Join me in welcoming Steve to the blogosphere and the community of security bloggers. You can find Steve at http://www.stevegoodbarn.com. Steve also recently appeared on SSAATY podcast episode #61 with Alan and me.

Podcast #62 - Mike Rothman goes to the dark side

Fast on the heels of our podcast with Steve Goodbarn of DNSSEC vendor Secure64, Alan and I whipped up an interview with Mike Rothman to talk shop about security and his goings on at his new company, eIQ Networks. Honestly, I thought Mike had sworn off working for another product company and would never have guessed he’d join someone from the SIM space, so you can imagine I was pretty surprised to hear Mike found a new home at eIQ Networks. That says a lot about what he thinks about the prospects for eIQ and the kind of team he’s joining. Mike’s been a good friend to me, and many in the security world, and I definitely wish him all the best in his new role at this new company.

Just in case you are wondering, Mike is going to continue blogging at Security Incite and is also launching a corporate blog and podcast at eIQ Networks. Since social media for product companies is something I specialize in myself, I'm interested to see where Mike will take the corporate blogging efforts. BTW, if you'd like to learn more about the social media strategy and product innovation services of Converging Network LLC, please contact me directly.

Check out the podcast here. Enjoy the podcast and email us with any comments, ideas or suggestions. Blessings!

November 27, 2008

Podcast 61 - Steve Goodbarn is all about DNSSEC

Our guest on SSAATY podcast #61 is Steve Goodbarn, former Janus Funds CFO and now CEO of Secure64, maker of highly scalable and deployable DNSSEC products. DNSSEC has been in the news a lot lately (Network World seems to be the place where it's covered most), largely because of Dan Kaminsky's talk this summer at Black Hat 2008 in Las Vegas. Now you frequently see articles and blog posts explaining how cache poisoning exploits can be used to hijack not just individual servers but entire domains, right up the path to .com, and . root.

Fortunately solving DNS security isn't as ginormous as stopping global warming, but to truly secure DNS, DNSSEC would need to be fully deployed throughout the Internet, and that will happen in steps over time (as discussed in this blog post). That's where Steve and the other experts at Secure64 come in. They've developed technology that can both handle the high speed demands of very large DNS infrastructure (and small) and makes DNSSEC much easier to deploy. Both of these challenges are obstacles DNSSEC has faced until now. Secure64 is not only a client of Converging Network LLC (my company) but also someone who I think will be a winner in the new era of domain security services.

In the podcast Steve gives Alan and me his take on the DNS security issues and how Secure64 tackles these problems for their customers. Steve and some of the technical leaders are getting into blogging, with a little prodding and assistance from yours truly. Steve's blog is at www.stevegoodbarn.com. Secure64's CTO, Bill Worley, and VP of engineering, Joe Gersch (read more about them both here), also have their own blog at www.paths2trust.com.

If you'd like to learn more about the social media strategy and product innovation services of Converging Network LLC, please contact me directly.

Check out the podcast here. Enjoy the podcast and email us with any comments, ideas or suggestions. Blessings!

October 17, 2008

Podcast #59 - Mike Murray, The Easiest Security Guy to Pick Up On Twitter

Alan and I are getting back into the swing of doing podcasts regularly again. I guess since we don't work together every day any longer, this is a way we maintain our industry connection along with our personal friendship. Alan's yin and I'm yang. He's "click" and I'm "clack". (An NPR Car Talk radio show reference.) He's a former New York lawyer, I'm a Nebraska small-town guy. He's loud and opinionated, I'm quiet and informed (lol). We once had a COO candidate interviewing with our company who first interviewed with Alan and then talked with me. After we both got a better understanding of each other, she said "You and Alan must really hate each other. I'll bet you go at it all the time. You're both so different." She was pretty shocked when I told her we actually were really close friends and have a great time working together. I really enjoy Alan's friendship.

When time came to do our podcast again, Alan called me and said "Let's do one. Got any guests?" I'm working on getting a couple of guests lined up but I didn't have anybody ready yet. So he said, "Let's check on Twitter." Trolling for guests on Twitter -- how funny, I thought, but hey, why not. Literally seconds later, Mike Murray responded saying he'd join us. Mike had just turned on his cell phone and seen our Twitter message while his plane was headed to the gate. So the sound is a bit rough (Mike was in an airport) but having him on the show was well worth it. On this episode we talk with Mike about why signature-based security products do and don't still matter, how IT spending less will impact security, and experiences working with security professionals who don't seemingly have as much security training. Of course a good bit of our discussion centers around the US economy, or lack of one depending whether you believe we've hit bottom or there's a ways yet to go.

Check out the podcast here. Enjoy the podcast and email us with any comments, ideas or suggestions. Blessings!

September 29, 2008

Podcast #58 - Bill Brenner, CSO Online

This week Bill Brenner, senior editor at CSO Online, joins Alan and me to discuss the impact the financial crisis will have on security in enterprises, small businesses and the security industry itself. We're likely to see a lot more federal regulations and this could actually be good for network security (see my Network World blog post about recessions, transparency and network security). The interview is also a good insight into the world of a media writer/editor, as Bill shares why he moved from reporting on the everyday security news to his new position where he gives his own insights and comments into what's happening.

Alan and I also talk about a host of items including the ever-evolving M&A activity in the security industry, Apple's wonderful blackbox "we know better" iPhone (which wiped out all of Alan's music during a recent upgrade), and "green IT" press releases by Mirage Networks and others.

Enjoy the podcast. If you are interested in sponsoring the podcast, feel free to contact us.

September 16, 2008

SSAATY Podcast #57 - Tom Noonan

It's that time again and we really have a "big show" for you with episode 57 of the SSAATY Podcast. Industry veteran and luminary Tom Noonan joins Alan and me. Unless you are new to security, you know that Tom was the co-founder of Internet Security Systems (ISS) which was sold and is now part of IBM. Through ISS, Tom helped make intrusion detection, vulnerability management, unified threat management, and security research (through the X-Force team) commonplace within the security industry.

Tom's now retired from IBM following ISS's integration into the company and is now on the advisory board of Rohati. Rohati provides Network-Based Entitlement Control (NBEC), offering the Rohati TNS 100, 500 and Central Management System products. Tom's excitement about Rohati and the Rohati team is clear and you can tell he's enjoying his advisory role with the company.

During the podcast, we reflect on Tom's early experiences with ISS and how that has shaped and relates to today's security industry. Tom's view is that it's still early in the life of the security industry and there's ample opportunity for new companies and technologies to emerge and make an impact.

Whether you are a security newbie or veteran, you'll find the interview with Tom informative and inspiring, so join Alan and me in welcoming Tom to episode 57 of the podcast.

As a wrap up, Alan and I talk about some of the acquisition rumors, including Citrix being in play with Microsoft, Cisco and IBM, and Juniper is looking at Aruba and Meru Networks. Alan also applies some smackdown on Mirage Networks for making such a big deal about running their NAC product as a virtual software appliance. Alan also surprises us with his less than enthusiastic experience with his iPhone 3G, and surprisingly is ready to bring back his Microsoft Windows Mobile 6 phone in place of the iPhone. I'm glad Alan's finally seen the light and sees Apple for what it is, a closed hardware and closed software company that's more about cool fads and cultish followings than easy to use, functional, customer centered products. Since recording the podcast, Apple's now taken to banning competitive products from App Store too! Looks like Alan isn't the only one with iPhone buyer's remorse.

Remember to send us your comments and questions to podcast@stillsecure.com. You can also subscribe to the podcast via iTunes or at http://ashimmy.podomatic.com.

 

September 07, 2008

SSAATY Podcast #56 with Michael Montecillo of EMA

The latest installment of the SSAATY podcast is up and available. Michael Montecillo, a security practitioner and analyst with Enterprise Management Associates, stops by to join Alan and me on the podcast. After tricking Michael into a setup Brazilian Jujitsu match with Chris Hoff, we turn our attention to more serious matters: the role of analysts in the network security industry. The discussion covers the influence analysts have on a vendor's fate, how much vendors can influence analysts and their coverage, and just how reliable predictions are by analysts. We have a good bit of fun and I know you'll enjoy the podcast.

The podcast was recorded in the Medioh studios in Boulder, Colorado, by Medioh CEO Scott Converse. Special thanks to Scott for hosting us once again and acting as our podcast sound engineer.

We have a new URL for the podcast, http://www.ssaatypodcast.com, if you'd like to subscribe to the RSS feed or listen to other episodes.

Enjoy the podcast!

               

September 06, 2008

New Blog: Security For All by Joe Webster

A former co-worker and security software developer dude Joe Webster started up his own blog, Security For All (http://secforall.info). Joe joined StillSecure back when I was CTO and I remember he was interested in the whole blogging and podcasting thing back even then. Hey, Joe... I'm surprised it took you so long to start the blog! :)

Seriously, Joe's not only a sharp guy but is also dedicated to improving security. Plus, he's a really nice guy and great keyboard/composer. So check out Joe's new Security For All blog. He has a good post up there in response to one of Joel Snyder's videocasts about Network Access Control.

August 16, 2008

Power IT Down Day + Call To Action To Create Greener Products

Yesterday I recorded a podcast about Power IT Down Day. I'll be posting the podcast to my Network World Converging On Microsoft Podcast first part of next week. Power IT Down Day is an initiative set up by Citrix, HP and Intel, to get everyone to fully power down their desktop and laptop computers, and associated monitors, printers, powered speakers, etc. during the off work hours on August 27th. I say fully power down because even hitting the power button on monitors and laptops, for example, doesn't mean they aren't sucking up juice through their standby modes and transformers. Better yet, power it all down, by hitting the power switch on the power strip plugged into the wall.

The idea behind Power IT Down Day is to help all of us be aware, and also to try and start some behavior changes, to save electricity consumed by our individual computers while we're not working at our desks.  According to my podcast guest Tom Simmons, area Vice President Federal at Citrix, many are projecting we could see electric power costs soar in the future similarly to how gas prices skyrocketed this summer. California already suffers rolling brown outs and a lack of power for data centers. The seemingly unlimited low cost power we take for granted today, like the low cost gasoline of the past, could become a scarce and expensive resource in the future.

I'll save some of the specifics behind the program for the coming podcast, but until then please visit http://www.hp.com/go/poweritdown and sign up for the program. Based on the estimated power savings from powered down PCs at participating companies, Citrix, HP and Intel will donate an approximated savings amount to the Red Cross. (Personally I wish they were donating the money to help us build more wind farms, or create hydrogen powered cars and fueling stations in the U.S.) I think this is a great program and I hope you'll participate.

Power IT Down Day is a socially conscious conservation effort: Help users, through their company's participation, understand the impact of needlessly leaving computers running during off work hours. That's good stuff, and well worth doing. I hope we change some habits and conserve power as a result. I've already started changing some of my power munching habits just after hearing about the program. But, I think we should tackle something closer to the heart of the problem: designing greener products.

Do monitors, printers, computer motherboards and power supplies, etc., really need to operate in standby mode where they continue to consume power? What's it save us, 10, 5, 3 or 1 seconds to start up our devices faster? Are we that pressed for time or that lazy? Why can't laptop power supplies (bricks) have a built in sensor that determines when laptop batteries no longer need charging, and then fully turn off the transformer? I'm sure those are just a few of the obvious examples and there are many more that could save even more energy.

I have the same beliefs about network security. Educating users only marginally helps the problem. The real issue is designing products that are fundamentally more secure or can automatically configure themselves securely rather than relying on end users to deem what programs should/shouldn't talk through a personal firewall, for example. Same with conserving energy. Fix the problem of creating greener products.

I call on product designers to design products that consume less or no energy, including periods when they might experience light or almost no use, rather than relying on end users to know and act to conserve energy. If you need help understanding how product design decisions impact the "greenness" of a product, and want to know how to design greener products, check out a company called Sustainable Minds (I'm an advisor to this company), their Okala methodology and their green product design industry expert blog. Help us all by starting at the source, creating greener products from the get-go.

And remember to sign up for Power IT Down Day, and most importantly, turn off all that computer equipment when you leave work on August 27th, and every day for that matter.
