8
Nov

SecuRisk Solutions today announced the release of their new podcast series entitled SharkTalk™ wherein cutting edge information security topics and issues are discussed with renowned authors, speakers, technologists, executives, contributors and pragmatists in the information security arena.

You can subscribe to these podcasts via iTunes or RSS.

For more information, please visit - Shark Talk with Mano Paul

10
Feb

Many major news carriers found it important to carry the news today that “Obama orders a 60-day cybersecurity review”. Some stated that “Cybersecurity is now one of the major national security problems facing the United States”, while in reality, it is actually a major INTERNATIONAL security problem facing the ENTIRE GLOBE (not just the United States). Other references were made to the need for the White House to

  1. initiate a drive to develop next-generation secure computers and networking for national security applications; 
  2. establish tough new standards for cyber security and physical resilience; 
  3. battle corporate cyber espionage and 
  4. target criminal activity on the Internet.

All of these are absolutely important and critical issues that cannot be ignored, but one major issue missing in these is the PEOPLE component of cybersecurity. As my whitepapers have repeatedly alluded to, People are the FIRST line of DEFENSE; technical security controls are rendered futile by people who are not aware of how to protect their own computing ecosystem.

I was privileged to be in the audience of the Commission on Cybersecurity for the 44th Presidency on the day (December 29) their report was released for public viewing, where the panelists - Rep. Jim Langevin (D. R.I), Rep. Michael McCaul (R. TX), Lt. General Harry D. Raduege Jr. (USAF, retd.), Deloitte & Touche and Marcus Sachs, Verizon Communications - participated.

Highlights from the panel I captured are given below.

  1. Cybersecurity is today’s greatest security threat.
  2. There is a need for increased awareness among the American people.
  3. Threats are real today in the virtual world.
  4. Espionage and Digital Pearl Harbor is very likely.
  5. Cyberspace is a national asset and needs appropriate protection not just for national security but also for economic security without compromise on privacy and civil liberties.
  6. There is a need for buy-in from the International community as well as cyberspace does not end at the water's edge.
  7. Partnerships with the private sector as well are extremely important and have been proven to be useful in past situations.
  8. There is a need for a cyber mindset - safe and protected use of the cyberspace.
  9. There is a need for education and awareness - across the nation and internationally.

“It is Imperative as a nation that cybersecurity is taken into account seriously for the liveability of the nation. If not we have failed as a nation.” 

From the press release it seems like President Obama is taking cybersecurity into account seriously. Only time will tell of the liveability of this nation and the world. It’s about time that cybersecurity was in the forefront.

2
Nov

Was Ronald Reagan thinking about Phishing when he uttered one of the most famous sayings in history …

28
Oct
Highs and Hangovers - A cornucopia

Honestly, I don't even know where to start. Succinctly, I must admit that the experiences in Algarve, Portugal and at the OWASP EU were varied, interesting, and a mixture of highs and hangovers from just a few hours of sleep each night (as some were working and preparing for talks and others were partying and some doing both :-)) to say the least.

Training at OWASP

It was a privilege to be one of the 80+ invitees to attend the OWASP EU Summit and deliver two training courses. One of them was Web Application Security for Executives and Managers and the other was The Art and Science of Threat Modeling.

Texas Representation

Arriving in Lisbon, I met Matt Tesauro, leader of the OWASP Live CD project and Nishi Kumar, graphics contributor for the OWASP LiveCD project.

The Pride of Texas -  Mano “The Bull Rider” Paul

Need I say more - you be the judge of this … :-)
On the bull for one minute and 20 seconds; 8 seconds is a joke … Enjoy the video by clicking on Media Showcase once the page loads.
Let’s just say that this was one of the highlights until …
Note: Voices of Tom Brennan, Marcin Wielgoszewski, Kuai Hinojosa and David Campbell (champion swimmer) in the back screaming - “hands in the air”, “I am getting this on video” and “ha ha ha ha ha …”
Payback will be sweet. :-)

Sessions and Friends

Sessions I attended were in the following tracks - Education, Certification, SAMM, and OWASP Live CD, all of which had discussions (some heated) and were very productive in charting out the objectives, goals, scope and course for the coming years. Friendships were established that would last a lifetime.

All in all …
All in all - what can I say? Honestly, I don't even know where to end. Succinctly put, I must admit that the experiences in Algarve, Portugal and at the OWASP EU were varied, interesting, and a mixture of highs and hangovers - a cornucopia of experiences - to say the least.

26
Sep

(ISC)2 announced the release of a brand new certification, entitled the Certified Secure Software Lifecycle Professional (CSSLP), to address educating and certifying people on various aspects of software security.

Covering topics from Secure Software Concepts to Secure Deployment and Operations, weaving through Requirements, Design, Development, Testing and Acceptance, this certification is a welcome addition to the already existing gold standard certifications that (ISC)2 administers such as the CISSP, SSCP, CAP, CISSP-MP/AP/EP.

More information about CSSLP can be found at https://www.isc2.org/csslp
A whitepaper on the Need for Secure Software can be found at https://www.isc2.org/download/CSSLP-white-paper.pdf

26
Sep

My keynote address on “Application Security Trends and Challenges” and the training session on “Advanced Threat Modeling” went well and a few friends have posted some comments about their experience.

Check it out.
http://armorize-cht.blogspot.com/2008/09/owasp-appsec_22.html
http://projectbee.org/blog/archive/owasp-appsec-conf-delhi-day-2-and-more/
http://projectbee.org/blog/archive/owasp-appsec-conf-delhi-day-1/

13
Aug

Representing (ISC)2, the global leader in security education and training as their Software Assurance Advisor, I will be delivering the keynote address on Application Security Trends and Challenges in OWASP India 2008.

If you plan to attend or you will be there, come by and say hello. :-)

Dates - August 20th, 2008 @ 9:00 - 10:00 a.m.
Venue - India Habitat Center, New Delhi