Welcome to our third installment of Security Pros on Twitter (SPoT).
This week we offer you Erin Jacobs, the first of two female Security Pros who have agreed to participate in the SPoT series. Ms. Jacobs goes by “SecBarbie”, or Security Barbie, on Twitter, a nickname she adopted after attending a SANS Conference in 2003. We won’t steal her thunder by telling the story in our own words, but you can read it for yourself on the About page for her blog, Security Sociability.
SPoT: Erin Jacobs (@SecBarbie)
Real Name: Erin Jacobs
Twitter Handle: @SecBarbie
Top 3 Social Media/Networking Sites:
Twitter, FriendFeed, foursquare
1. In which area(s) of security are you most involved?
By Day: Security Compliance, Policy, and strategic forecasting.
By Night: Social Media Security, OS X Security, Social Engineering, and Tech Addict.
2. What security topics will be the most important in the next 18 months? Why?
Mobile Malware attacks: It’s the most logical and largely unprotected space in corporate networks. With the ease of receiving and housing wonderful bits of malicious data though over-the-air transmission, then bringing it back to sync and spread to corporate network from the inside, this is going to be one sexy topic in the next 18 months.
Social Networking Security Compliance: Controlling information about an organization that is being transmitted outside of company networks, not on company equipment but by employees, is already proving to be challenging. This will lead to ease of Social Engineering attacks, as well as changing the landscape of how security professionals direct their efforts.
3. Biggest Pet Peeve: Name one thing about Network Security that you wish business stakeholders would understand and why.
Sense of entitlement to be exempt from security controls is, and likely will always be, one of my biggest pet peeves. Network and Information Security is everyone’s responsibility, and more so for key stakeholders. Understanding what key stakeholders perceive as important information and what they would consider damaging to the business if there were to be a breech is key in communicating why exemptions should NOT be made, as well as ensuring adequate controls.
4. Tell us why you became so active on Twitter and any other important social media outlets. What value are you getting?
Twitter became part of my life in early 2007, but it wasn’t until I attended an industry conference that I really saw great value. Twitter has proven to be a very powerful networking tool, both professionally and socially. It’s also a fantastic barometer of what is going on in the information security space for me, as I follow a lot of people who author some of the most ground breaking research in that space. Twitter also can prove to be a great release, a place where it is okay to be a real person.
5. Name one security peer whom everyone with an interest in Network Security should follow. (OK to name 2 if you can’t decide on only one)
Ryan Naraine (@ryanaraine)
I’ve followed Ryan about since I first got on Twitter, and his tweets are always extremely interesting and generally full of knowledge or good links. Overall, it’s a great Twitter feed to follow.
6. What’s your take on security for social media and cloud services in general? Top concerns, overstated issues, etc.
Of the top concerns that I see in cloud services especially in social media are the overstated security controls within these multi-tenant environments, as well as the privacy law and regulations in regards to jurisdiction over data based upon physical presence of the hosting.
7. What are the top 3 real-world (i.e. live) events you’d recommend for networking with security professionals?
Look for Barcamps or Bsides conferences in your area, these events are wonderful in that there is little or no cost, and it will build your ability to interface with local security professionals.
SOURCE Conferences are the best conference where price and networking abilities are pristine. Top rated speakers are at SOURCE Boston and SOURCE Barcelona, and with the smaller conference size, networking and actually interfacing with industry experts is a lot easier.
RSA Conference is a networking dream for security professionals on a grand scale. It’s very easy to get lost in the crowd at this conference if you do not have the best social skills.
