Sunday, April 19, 2009

A Beacon of Light

I have many mentors because I believe that you can learn something from everyone that will make you better or worse.  The choice is yours to make, along with the consequences of that choice.  One of my mentors once said, “Sunlight is the best disinfectant.”  To me that means exactly that.  Shine a light into the darkness and try to share what is discovered.  In the world of information security this process has been proven time after time.  Change is the only constant.  

This is where the name of my blog came from.  Like a lighthouse sitting on top of a cliff, shining it’s light into the dark sea to safely guide the ships away from the danger.  Another well respected mentor of mine told me to write about what interests you.  While I believe in responsible disclosure, if the information is already being written about all over the Internet – the information is already disclosed.  My interests are Information Assurance, Privacy, Information Security, Incident Response, Risk Management, Security Awareness Training, Security Policies, Log Analysis, Security Research, Security Metrics, ID Theft Prevention, Anti-Phishing, Anti-Spam, Anti-Malware, Social Media Security, Ethics in Computing, Beta Testing, and Writing.

When CastleCops moved on in December 2008, it was a sad day in my life.  Paul, Robin, and all of the staff/members put a great amount of time (along with blood, sweat, & tears) to build CastleCops.   In my opinion, it became a place on the front lines of the never ending and always changing fight against cyber-criminals.   The team efforts of PIRT, MIRT, and SIRT were amazing.  I am very proud of my time as a PIRT Handler and fought the good fight every day.  Now that I have had the time to adjust to this change, I have realized that even with CastleCops gone - the fight still continues.      

I do not know one person who knows everything.  Some professionals may have more expertise in one area, but weaknesses in other areas.  My point is that we need to work together as a community and share that expertise because that is exactly what the cyber-criminals are doing.