DonTurnblade Personal Fun: I am a husband and father of five. I like backpacking, boogie boards and bicycling. I like open topics, solid humor and respecting what is noble in life. Internet Barbie fans, www.byte.com/art/9704/sec16/art1.htm, please note: I am a gentleman and do not discuss such matters. Yet, if you must discuss which half of the Internet Barbie was naked, then I am sure that on the internet you truly belong. Professional Cool: I am an Information Security professional. I have the privilege to work with leaders with seriously impressive understandings of responsibility, risk, realism and winning desire. Prevention techniques are my favorite focus in Information Security; fewer people are harmed; there are fewer court cases; and, it saves money. I research hacking techniques. I think it makes prevention efforts more effective and keeps my clients advised of their genuine risks. I wish to thank each person who chooses to advise me concerning demonstrated computing security risks. I thank each of you for your posts, websites, reference materials, source code, free tools, packet sequences, conceptual frameworks, reverse engineering methods, white papers, cryptographic approaches, overflowing research, fault-tree sequences, pre-computed tables, instructional materials, hints, favorite approaches, differing perspectives and/or restless attention to details. I must go on to thank some truly scary individuals. I thank some of the most surprising social engineers I have ever had the privilege of pretending that I do not know; I thank IT Auditors from organizations with scary initials like ISACA, D&T, E&Y, KPMG, PWC, JW and more ... you know who you are. The very idea that a group could simultaneously despise, respect, shun and hire you is a feat barely to believe. And yet, the Conga line at the ISACA conference in Las Vegas is something I will never forget. Matching attack prevention, detection, delay and disarming activity with business and technical risk exposure is a value I bring. To your customer, staff, business and alliances, Information Security is a value added and not simply Governance, Risk and Compliance, GRC. It rightly belongs in the Cost of Goods Sold because doing business with you is more likely when loosing less money and proprietary data is part of the deal. Information Security also belongs in Mergers and Acquisitions, M&A, for exactly the same reason. If we follow the root cause of failed security up stream, Strategic Procurement needs Information Security to more correctly price the data, software, systems and network products we buy. When we do this, the vendor has a financial motive to deliver quality. If Microsoft or Cisco made more money by delivering flaw free software and systems than they do delivering unsecure software and systems, that is a huge difference. In business terms, we need Just In Time, JIT, Security. Microsoft should prove to us that Windows is flaw free in tests we can see, or be fined by the user. For that service, we should pay them a bit more and then prefer them as a vendor. The same should happen to any developed software, database product or system. My actuarial reviewed work in monetary risk exposure could actually fix a price on how much that premium secure service would be worth. For the benefit of the Medical community, I collaborated with ANSI on business cases for ePHI protection. A free copy of the paper is on the ANSI website, http://webstore.ansi.org/phi. Also, I have extended notes beyond the paper in actuarial reviewed models of monetary data risk exposure and the future state of Medical Community Cloud computing. It is possible but needs advances in protected crypto keys inside running memory. With all your help, I am able to keep vital trusts with people's sensitive information and take pleasure in giving Murphy's Law a serious run for its money. Best Wishes, Don .............................................................. Donald Turnblade MBA, MS Physics, CISSP, Six Sigma Black Belt. "Confidence is the sweet spot between arrogance and despair." -- Rosabeth Moss Kanter WhiteHat InfoSec: www.isc2.org, www.isaca.org, www.acfei.com, www.microsoft.com/learning/mcp/mcp www.linkedin.com/in/Arctific Please Note: None of this article will amount to consent by me to receive advertisement material for any purpose. Unsubscribe/Opt Out/Remove me from all advertisements. I reserve the right to each control of my privacy that the law allows. I have a successful balance in my life; I need no advertisements sent to me concerning money, prescriptions, natural supplements, sex or body shape. Please be advised, I have taken successful and lawful action against such abuse in the past. CategoryHomePage