SPoT: Jack Daniel / @Jack_Daniel
Welcome to this week’s installment of Security Pros on Twitter. Today’s SP is a very well known security expert, and one who brings an intriguing dose of personality to the table, Jack Daniel. Self-described on Twitter as “Sporadic blogger, Tech Community Activist, InfoSec Curmudgeon, Reluctant CISSP, Amateur Blacksmith, and stuff”, Mr Daniel is truly a man of many “hats.” In addition to serving as the Director of the National Information Security Group (NAISG), Jack shares his musings on Twitter and his blog, Uncommon Sense Security.
Real Name: Jack Daniel
Twitter Handle: @jack_daniel
Top 3 Social Media/Networking Sites:
Twitter, Linkedin, and Facebook as a distant third
1. In which area(s) of security are you most involved?
I live and work in the UTM space, covering all the fundamentals of network security, firewall/content filtering/proxies/VPNs, etc.
2. What security topics will be the most important in the next 18 months? Why?
It kills me to admit it, but “cloud” computing (whatever that means) will be very important. Not because of the hype, but because, like virtualization, it will let us make old mistakes in new and creative ways while also offering exciting and original ways to get security wrong.
I also think that “antivirus” is of renewed importance. Microsoft’s venture into free antivirus and the impact that will have on the AV industry, combined with the increasing irrelevance of traditional AV in defending against many modern attacks, means that it is time to step back and challenge what works, what doesn’t, and what to do about it. We may not have many conversations about this, but we should.
3. Biggest Pet Peeve: Name one thing about Network Security that you wish business stakeholders would understand and why.
A failure to grasp and act on the fundamentals. In network security, this often manifests itself as an unhealthy push for needless complexity, which dramatically increases the likelihood of misconfiguration and failure. (I’m not blaming anyone, but if I did, I would look toward San Jose, CA) All the blinky-light boxes in the world will not overcome basic misconfiguration issues.
4. Tell us why you became so active on Twitter and any other important social media outlets. What value are you getting?
My adoption of Twitter was pretty slow, and has grown gradually over time. It started as a way to stay in touch with friends and has expanded into a powerful (and still wonderfully inane) way to communicate. I have gotten more out of Twitter than I can list in a short space, from friendships and information to Twitter being the starting point for the Security B-Sides events.
5. Name one security peer whom everyone with an interest in Network Security should follow. (OK to name 2 if you can’t decide on only one)
That’s hard; I follow too many people for too many different reasons to pick one or two. I’ll cop out and recommend following @SecurityTwits, that is a good way to find out who is saying or asking what, which leads to finding good people to follow.
6. What’s your take on security for social media and cloud services in general? Top concerns, overstated issues, etc.
The fundamental insecurity of social media is also why people use it. Platforms designed for openness and sharing of content are perfect for exploitation, but if you lock them down, you lose their value. User education is the only solution, and that will only reach a limited number of people (and they don’t have to listen). I have more hope for the security of cloud services in general; I think it will eventually be possible to do an acceptable job of securing the infrastructure, but as with everything else, the client implementation is where I see ongoing insecurity.
7. What are the top 3 real-world (i.e. live) events you’d recommend for networking with security professionals?
RSA and BlackHat are giant events with many opportunities for socializing and networking. SOURCE Boston is a much smaller event – you could almost call it intimate – and it really encourages the feel of community. I’ll cheat and add a fourth – Shmoocon is a great and affordable event.