Tomorrow (28 Nov 2007), I’ll be a featured guest on the live IBM-sponsored TechRepublic webcast Securing Networks Without Borders. My understanding is that the moderator will address me to lead into the segment on “why IT pros need to move beyond thinking of security in technical terms”. I find this somewhat ironic, in that most of what I have to say about that subject in general is usually related to getting IT security professionals to teach others to think in terms of the principles that underlie technical security, but that doesn’t mean I don’t have things to say about the subject more in line with what I expect they’ll want to discuss. It just means I usually find myself motivated to talk about other aspects of the problem.
In case “networks without borders” sounds a bit too buzzwordy for you to parse effectively, I don’t blame you. The specific meaning of the term in this case seems to largely relate to the fact that in a networked world (assuming you’re connected to it all, which you obviously are if you’re reading this online), perimeter security isn’t enough. In terms of security, there’s actually very little to define an effective perimeter because (as I’ve heard/read it put, and agree) security for the most part follows the data.
Anyway, feel free to check out the webcast live. You might get to hear me make amusing speech errors on a live, widely distributed webcast, as one of these “IT industry’s top security minds”, in part because notice of the invitation to participate arrived late enough that my preparation for it mostly consists of reading an article I wrote that prompted the editor Jason Hiner to invite me to refresh my memory. This means I’ll be winging it, substantially. One of the benefits of my principles-based approach to security, of course, is that it’s easy to wing it, so I’m not too worried — when you focus on principles, it’s easy to research and recreate the details from principles as needed, in addition to the obvious benefit of not getting caught up in checklists, losing sight of the big picture and failing to take note of the implications in the changing IT security landscape.
Okay, I’m going to stop babbling about it now, before this turns into too much hand-waving and buzzwords. Even if you miss the original live webcast, it’ll still be available after the fact as a recorded archive of the event. You should be able to access it as a streaming RealPlayer format file, if I’m not mistaken — which, on Unix-like systems, probably involves using MPlayer with Win32 codecs and, for most, an MPlayer plug-in for Firefox. This stuff is all trivially installed on FreeBSD. In theory, at least some of it (if not all) should be trivially installed on Debian GNU/Linux as well (though I haven’t tested it), which would require adding nonfree sources to your
sources.list file. On other OSes, you’re pretty much on your own at this point; this isn’t a tutorial.
I wonder if I can arrange something so it’s available as an Ogg Vorbis file at some point. Doubtful, but I’ll see what kind of pull I have and/or how flexible they are about delivery.