Month: February 2009

Security Catalyst Post – Do as I Say, Not as I Do

Here is a snippet of my latest Security Catalyst post entitled Do as I Say, Not as I Do:

Security professionals have a duty to promote security in the enterprise. In fact, most professionals take on the role of a “security herald” for their organization or customer quite seriously. At the end of the day, however, many practitioners pack up their things, make their way home, and completely throw all of their beliefs out the window.

The sad and unfortunate truth is that security professionals do not always practice what they preach

You can read the entire article here. I hope you enjoy it.

Using Common Sense With Social Media

Twitter, like a hammer, is a tool. Many wouldn’t think to bring a hammer to a wedding, a board meeting, or maybe even a super secret trip. One House Intelligence Committee member, however, who would probably have been better off bringing a hammer instead of his Twitter-enabled device, let slip a secret Iraq trip on Twitter last Tuesday.

Rep. Peter Hoekstra, R-Mich., disclosed a secret congressional trip to Iraq on his Twitter feed, a trip he was told to keep secret before leaving Washington D.C. The first tweet, sent on Tuesday, announced:

“Heading to Iraq and Afghanistan weds night.I’ll update on twitter and web pg as links are available.I’ll ne back in touch mid next week,”

The second, sent just after he landed in Baghdad, stated:

“Just landed in Baghdad. I believe it may be first time I’ve had bb service in Iraq. 11 th trip here.”

Common sense would dictate that if you were told to keep something secret, you probably shouldn’t talk to people about the aforementioned secret. Common sense would also dictate that if you were assigned to the House Intelligence Committee, you should be fairly adept at keeping secrets.

The ironic part of this whole debacle is that in a January 13th, 2009 opinion piece entitled Our Broken CIA and the Death of Innocents, he stated:

I have been long concerned that some within the agency have intentionally undermined the Bush administration and its policies over the last few years. This argument is supported by the Valerie Plame case, and the long string of unauthorized disclosures to the news media from an organization that prides itself on being able to keep secrets.

I guess that opinion piece excluded his personal use of Twitter.

Social media technologies, like Twitter, need to be treated with care and respect. They can be a fun tool to keep in touch with friends and family or, when improperly used, just as dangerous as leaving a manila envelope of state secrets on a public bench.

Congressman Hoekstra kept posting his every move on Twitter and has not yet had his BlackBerry taken away from him. I suspect that this issue won’t be addressed until he gets back home, but the Congressman may want to start thinking about no longer using Twitter at work.

Always a Bridesmaid…

Last week, Alan Shimel posted that he had a free Black Hat DC ticket to give away to a worthy reader of his blog. The winning commenter was Will Chatham with this entry:

I’ve never been to a convention because they always hold them out west or way up north. This one, however, is not unreasonably far from me (I’m in NC), and being an aspiring security professional, I think it would help me in numerous ways, from networking with people to learning more about the field. You don’t know me from Jack, but you would make someone’s year if you chose me!

My entry, which was far superior (in my opinion :P), explains how I had never been to a major conference and that I was a poor Canadian – a hard sell when people find out you live in Bermuda. In all truthfulness, I have never had the excess cash to be able to attend one of these major events and the companies that I have worked for have never seen them as important (i.e. Important for Andrew != Important for company). In terms of career development, I see these conferences as a way to meet peers and colleagues, enhance knowledge, and grow as a person. Hopefully, now that I’m in a new role that supports my views, I can hit up more conferences in the near future... as soon as this damn economy figures itself out, that is.
