Security Pros on Twitter (SPoT): Jeff Kirsch/@GhostNomad

We hope you enjoyed our previous interview with Jack Daniel. We’ve profiled some heavy hitters and thought leaders in the Security Scene, but there are a range of security professionals on Twitter with something interesting and important to say. In an effort to share a well-rounded range of SPs, today we turn our attention to a gentleman who caught our attention early in our tenure in the Twitter-sphere: Jeff Kirsch (a.k.a. @ghostnomad).

SPoT: Jeff Kirsch / @ghostnomad

Jeff describes himself as “Infosec geek, IT risk (yes I am a risk), CISA, husband and father“. As you can tell from his bio, he offers a a nice blend of professional and personal information, with a little fun thrown in, which is precisely what you’ll find in his tweets. Jeff personifies what many of us hope to find on Twitter: “real, interesting, and engaging people.”

Real Name: Jeff Kirsch
Twitter Handle: ghostnomad
Top 3 Social Media/Networking Sites:
Twitter, Linkedin, SecurityCatalyst.com

1. In which area(s) of security are you most involved?
I have been an IT Auditor for the last 8 years. I get to work with many aspects of security, but I find myself always drawn to the core infrastructure. If I am digging into operating systems, databases, or network security, then I am happy.

2. What security topics will be the most important in the next 18 months? Why?
Protecting what provides value has always been and will always be the most important challenge in security. I know that is a broad statement, but the technologies are always changing, thus provide a wide array of potential to the threat landscape. Ultimately, systems that provide a service have value and are targets. Being able to adapt to those trends will be most important.

3. Biggest Pet Peeve: Name one thing about Network Security that you wish business stakeholders would understand and why.
Business requirements should be built into systems, instead of designing a system for security and then creating exceptions to the controls. Exceptions to security are typically not intended to create security holes; they result from a failure to design all needed business requirements into the security structure. Having good communication between security and business design are important early in a project to close any gaps that may arise.

4. Tell us why you became so active on Twitter and any other important social media outlets. What value are you getting?
I originally joined LinkedIn on advice from the Pauldotcom Security Weekly podcast when they discussed protecting your digital identity. It made sense; even if I had limited information available on my own profiles, that is better than having inaccurate information freely available. I jumped on Twitter later because it seemed the place to be. I thought I would just lurk around and drink from the Infosec knowledge tap, but I never expected to participate. Being on Twitter has allowed me to interact with people I probably would have been afraid to talk with otherwise.

5. Name one security peer whom everyone with an interest in Network Security should follow. (Okay to name 2 if you can’t decide on only one)
I find Jack Daniel (@jack_daniel) is a great source of information for all the is network infrastructure [Editor's Note: Jeff submitted this answer before the Jack Daniel profile went live]. He has a no nonsense approach to dealing with issues that he sees arise. Christofer Hoff (@beaker) is certainly someone I recommend when it comes to the cloud. To say he spends a lot of time with his head in the clouds is not a negative thing in the least, and he gets down to business as well. There are many people out there that bring unique perspectives, and I enjoy the banter.

6. What’s your take on security for social media and cloud services in general? Top concerns, overstated issues, etc.
I think social media and cloud services face similar threats that “traditional” technology faces. When you put information someone wants in a place they perceive they can get it, you usually see a lot of determination and effort put into gaining access. It is important to focus on educating people about how we can use these technologies while protecting the information that drives their usefulness.

7. What are the top 3 real-world (i.e. live) events you’d recommend for networking with security professionals?
I don’t get out all that often, but when I do I stick with local events. I still engage a broad range of security professional at local events. I like the Northeast Ohio Information Security Summit, and always find great value in the people I meet. From my social network, I would say Defcon and Shmoocon sound like really great places to get together with security people from all around. Those are on my wish list for the near future.