SPoT: James Arlen (@myrcurial)
Beginning this week, we are kicking off our new SPoT (Security Pros on Twitter) series, profiling security professionals who are present and active on Twitter. We will profile one SP each week through the rest of the summer.
Since Anue Systems (@AnueSystems) first joined in on the Twitter fun, we have followed and interacted with a variety of folks, and these are the thought leaders whom we’d turn to first with a specific, hands-on question regarding security of the internal network, the cloud, or even virtualized environments.
Without further ado, let’s get to it…
Real Name: James Arlen
Twitter Handle: @myrcurial
Top 3 Social Media/Networking Sites:
Twitter / LinkedIn / Liquidmatrix Security Digest!
1. In which area(s) of security are you most involved?
I used to be technical/tactical – IT Security. These days, I’m spending most of my time working on Organizational Security and Risk Management.
2. What security topics will be the most important in the next 18 months? Why?
Of key importance (of course) is going to be the increasingly porous “perimeter” which will surpass database flaws as the primary source of data breaches. Unfortunately, the vendors are not on our side and are not going to help solve the problem. It needs to be fixed at the employee/user level through increased awareness of the problem and active cooperation on solutions.
3. Biggest Pet Peeve: Name one thing about Network Security that you wish business stakeholders would understand and why.
The thing that is the hardest to explain is that the presence of a firewall isn’t going to save you (the business user) from your own foolish actions – the best preventative technological controls available can be bypassed by (a) 14-year-old kids and (b) users doing what they feel is the best thing at the time. [Once more for effect] A firewall won’t save you from sending your customer list to 100 sales people and 1 ex-sales person’s Hotmail account.
4. Tell us why you became so active on Twitter and any other important social media outlets. What value are you getting?
The primary reason that I became active on Twitter is to have access to a peer group. The Canadian security space is fairly compact, and sometimes, having an international opinion is a great thing. And of course, [I'm there for] the fooling about and goofing off – Twitter is an outlet for stress as much as it is an inlet for knowledge.
5. Name one security peer whom everyone with an interest in Network Security should follow. (OK to name 2 if you can’t decide on only one)
Wow – it’s #FollowFriday! If you’re focused on Network Security, you should really be following @jack_daniel and @jjx. He’s a curmudgeon who generally cuts to the core of the issue FAST. She’s about as unlikely a security expert as you can imagine – short, blonde, southern accent – but if you’re mature enough to value people for their skill rather than the package, she’ll teach you a thing or two that you never expected. [The Network View has engaged with both of these security experts for inclusion in the SPoT series as well.]
6. What’s your take on security for social media and cloud services in general? Top concerns, overstated issues, etc.
Security – for social media? I’m pretty sure there isn’t much of that. My simplest response is that you shouldn’t depend on social media to provide you with any security – if you’re not comfortable putting it on a postcard or wearing it on a t-shirt, you shouldn’t be posting it to a social media site. With regard to cloud security – ask @Beaker, I get all of my opinions from him.
7. What are the top 3 real-world (i.e. live) events you’d recommend for networking with security professionals?
The number one thing is to remember that for any event – from a local SIG all the way up to Blackhat or RSA – the most important thing to do is cruise the “Hallway Track”, get involved in conversations, and have an opinion. If you were coming to me and asking me where to spend your money – considering value for dollar – DEFCON, Shmoocon/SourceBoston/SecTor, and your local SIG. The big names (RSA and Blackhat) are awesome, but unless someone is covering the tab, they’re crazy expensive and you can get the same content at the second-tier conferences for less money with better access to the speakers.