We hope you enjoyed reading about Erin Jacobs last week. In this edition of SPoT, we offer you another respected security professional, and one who comes highly recommended by Ms. Jacobs – Jennifer Jabbusch.
SPoT: Jennifer Jabbusch / @jjx
Ms. Jabbusch is an experienced network security engineer and consultant at Carolina Advanced Digital. She holds a CISSP, among other certifications, and she also maintains the Security Uncorked, JJ’s Complete Unofficial Guide to Infosec blog. Jennifer has consulted with a wide range of organizations and government entities, and she is also involved in various trainings and coursework to help share her security-related learnings.
Real Name: Jennifer Jabbusch
Twitter Handle: @jjx
Top 3 Social Media/Networking Sites:
LinkedIn, Facebook, Twitter
1. In which area(s) of security are you most involved?
Network & Infrastructure Security
2. What security topics will be the most important in the next 18 months? Why?
I could make up some great exciting answer here, but the truth is each organization is going to have their own top-priority security concern. Right now, I’m seeing trends from enterprise and government in wireless security, VoIP and the continuation of investigation in cloud and hosted security issues. In about 8-12 months, I think we’re going to see a renewed interest in the wired security standards that are coming with IEEE’s 802.1X-REV because of the complete re-tooling of thought that will accompany it.
3. Biggest Pet Peeve: Name one thing about Network Security that you wish business stakeholders would understand and why.
The intricacy of integration. The business side is used to solving problems with boxes. In the current network security environment, our solutions require an extensive amount of planning and integration between systems; you can’t simply install a magic box and make the problems go “bye-bye” any more.
4. Tell us why you became so active on Twitter and any other important social media outlets. What value are you getting?
Several of my security colleagues dragged me in to Twitter prior to a major security conference. I found it was a great way to share ideas, find others in my specific niche, and get feedback from colleagues. Of course, I definitely picked up a few new blog readers through Twitter, too.
5. Name one security peer whom everyone with an interest in Network Security should follow. (Okay to name 2 if you can’t decide on only one)
Oh my gosh- that’s a hard one! There are so many people I get value from, for a variety of reasons. On the network security side, I’d have to say Mike Fratto (@mfratto) for his unbiased and well-researched thoughts on various topics for Information Week. The next one that pops in my head would be Rich Mogull (@rmogull) because of his involvement in such a variety of interesting security-related projects. In addition to great security topics, these two, along with another dozen or so, keep me laughing each day.
6. What’s your take on security for social media and cloud services in general? Top concerns, overstated issues, etc.
If I don’t own it, manage it, and see it; I don’t trust it. Our company policy mandates that no sensitive data is stored by a third party. We can outsource the services, but we’re not outsourcing the risk when the company’s reputation is at stake.
7. What are the top 3 real-world (i.e. live) events you’d recommend for networking with security professionals?
My favorites are RSA USA, INTEROP Las Vegas, and SecTor. I was most pleasantly surprised with the type of content and level of professionalism at SecTor last year. It’s the one conference I speak at that I get up early for and stay late so I can watch all the other talks. It’s just THAT good!
