Monday Oct 02, 2006

Blogging from CEC: Day 1

Today is the start of Sun's Customer Engineering Conference (CEC). It is a huge geekfest with thousands of techies descending upon the Moscone Center in San Francisco for several days of executive briefings, technical training and discussions, community building, and of course a lot of fun too. I am currently sitting in our morning keynote where Jim Baty and Dan Berg kicked off the event and Don Grantham is rallying the team, discussing recent successes and outlining the opportunities that lie before us. Honestly, for a sales guy - he is doing pretty well in front of this highly technical and often cynical audience.

This year, I will be giving two talks (each given at two times). First, I will be joining Jon Haslam to talk about how DTrace can be used for security monitoring, forensics and (in some limited cases) control. This was a very fun talk to work on and I am very much looking forward to giving it tomorrow. DTrace is such a cool technology and I think we are only at the tip of the iceberg in uncovering ways to use it. This session will include a bunch of practical demonstrations based on both newly developed and freely available code. It is my goal to post the presentations and code snippets once the conference is over.

My second talk is focused squarely on architectural patterns for security. This talk will leverage the Sun Systemic Security work already published as its foundation, but it will go deeper into how some of the architectural patterns can be instantiated and realized using Sun and partner products. Again, I think that this should be a lot of fun showing how the higher level abstract components can be made real to solve actual problems facing our customers today.

In addition to my sessions, there will be quite a few security talks happening on each day of the conference on topics ranging from Solaris, Trusted Extensions, Secure SOA, Privacy and Compliance, and even Kernel Forensics. Lots of great speakers and sessions so be sure to stop by and hassle them. \*grin\*

Now, like all speakers, I hope that people will enjoy my sessions and will leave with new ideas, information and a better understanding of the topics being covered. Certainly, the sessions at CEC offer people great opportunities to learn new topics or gain a deeper appreciation for ones they already know. That said, I honestly believe that most people, myself included, get even more out of the community interaction happening before, during and after the conference - the hallway discussions, the brainstorming over breakfast, the deep dives over drinks, etc.

So, if you would like to chat with me about anything - career paths at Sun, technical leadership and development, information security, or any other topic - please feel free to stop me in the hall, call me on my cell, message me on SMS or AIM. Gotta love a conference where we are encouraged to remain fully connected! If you do not know my contact information - check it out in CEpedia.

Take care,



Friday Sep 22, 2006

2nd Annual NIST Security Automation Workshop

This week, I had the pleasure of speaking at the 2nd Annual NIST Security Automation Workshop held at the NIST campus in Gaithersburg, MD. Overall the conference was wonderful with both great sessions and of course a lot of great discussions in the halls. Day one of the conference was primarily about vision, strategy and direction with great talks from speakers such as:

  • Tony Sager, Chief, Vulnerability Analysis and Operations, NSA
  • Ron Ross, FISMA Implementation Project Lead, NIST
  • Richard Hale, Chief Information Assurance Officer, DISA
  • Dennis Heretick, Chief Information Security Officer, DOJ
  • Eustace King, Deputy Director, OSD/NII-IAD
  • Annabelle Lee, Director, NCSD/DHS

Day two was focused more on technical matters especially those related to the following efforts:

as well as their interaction and alignment toward the goal of automating security configuration application and assessment. There were also some very interesting vendor presentations from companies who were developing security assessment and configuration tools that leverage these formats. Really cool stuff. I am personally very interested in hearing from Sun customers who are tracking these projects and interested in seeing security guidance, alerts, etc. published in the XCCDF and OVAL formats.

All (or at least most) of the presentations can be found here and I also have a copy of my presentation here. My talk was primarily a look at Solaris (and Trusted Solaris) security... where we have been, what we are doing today, and where we are going. Along the way, I also discussed some of the ways in which we have collaborated with academia, industry and government to better understand our customers' security requirements, improve the security capabilities of our products, and help make cyberspace a little safer for everyone. Much of that collaboration and teamwork still continues to this day as we work with organizations like CIS, NSA, DISA, NIST, and Mitre (for example) to continue to improve the security capabilities of our products and services, and I, for one, can't wait to see what's next!


Tuesday Jun 13, 2006

Will you be in NYC on June 27th? (FREE PASSES)


Tuesday Feb 21, 2006

RSA 2006 Security Conference Photos

Previously, I wrote about Sun's speaking presence at the RSA security conference this year. Well, now that this year's conference is in the books, I wanted to share some pictures of the event with you.

The RSA Security Conference was at the Convention Center in San Jose, CA this year.

RSA Entrance

Sun installed a number of Sun Ray 170 Ultra-Thin Clients around the conference center allowing people free access to the Internet. The Sun Rays were also featured through the Sun booth on the show floor. One small note: if you are using publicly available kiosks such as these - please be sure to log yourself out of your sessions and close down the browser! I can't tell you how many times I came across someone's e-mail or browser session (where they had neglected to log themselves out). You would think privacy and security would be more of a concern for attendees at a conference like RSA, but then again...

Sun Kiosks

Here we have Mark Thacker (Product Line Manager, Solaris Security and Solaris Trusted Extensions) working on the show floor setting up a demonstration of Solaris 10 based on his recently published HOWTO: Eliminating Web Page Hijacking Using Solaris 10 Security.

Mark Thacker

Sun Security Illuminati - Gilles Gravier (Chief Security Strategist) [left] and Jim Hughes (Sun Fellow) [right] pose for a picture on the show floor. Jim hosted a BoF session on day 1 of the show titled "Storage Security - Use of Encryption to Protect Data at Rest".

Jim Hughes/Gilles Gravier

A quick screen shot of Solaris Trusted Extensions. "TX" (as it is affectionately known) is the successor to Trusted Solaris 8. Instead of being a separate product, however, Trusted Extensions will be offered as a piece of software that is layered on top of Solaris 10. TX was announced at RSA and will be available to customers (in beta form) in April.

Solaris Trusted Extensions

Another area of the Sun Booth focused on Secure Service Oriented Architectures (or Secure SOA for short). Rafat Alvi gave an excellent talk on Secure SOA to a standing room only crowd on day 1 of the conference. It was obvious that this is an area of intense interest judging by the way Rafat was also mobbed as he manned the Secure SOA area of the Sun booth.

Secure SOA

The Sun booth also featured a variety of other offerings including Sun's new SCA-6000 cryptographic accelerator, Sun's identity management and compliance offerings, Sun's encrypting tape drive, and much more!

Back on stage, the man who needs no introduction... Whit Diffie was a speaker at the RSA Cryptographers Panel. Whit shared the stage with crypto luminaries: Ronald Rivest, Adi Shamir, and Martin Hellman. The panel was moderated by Burt Kaliski.

Whit Diffie

Scott McNealy was one of the keynote speakers at RSA this year. Scott's talk was titled "Embracing Risk and Opportunity Through Security". The main thrust of the talk focused on the security and management challenges created by "best of breed" product selection leading to a virtual "Frankenstein" of non-standard, non-interoperable and non-integrated silos in the Data Center. Scott also talked about the security risks of monoculture on the desktop. One of the key themes throughout Scott's talk was Sun(SM) Systemic Security.

Systemic Security #1

Scott McNealy/Systemic

Systemic Security #2

While talking about how Sun builds security into our portfolio of products and services, Scott was joined by James Gosling (Sun Fellow, the Father of Java) who talked about security design issues and challenges considered when designing the Java language.

Scott McNealy/James Gosling

Scott was also joined by Dr. Sheueling Chang (Sun Distinguished Engineer) who talked about her work on Elliptic Curve Cryptography and Sun's contributions to the open-source and standards efforts in that area.

There was so much happening at RSA, there is just not enough time to write about it all. I hope however that this can shed a little light into some of what Sun was doing at the conference!

Take care,


Saturday Feb 11, 2006

Sun shines at the RSA Security Conference

From the press release. For more information on Sun Systemic Security, check out this posting. If you are going to be attending, be sure to check out the Sun booth and look me up! I will be in and around the conference Monday through Thursday and will be at the customer luncheon (Tuesday), if you would like to chat a bit.

MENLO PARK, Calif. -- Feb. 8, 2006 --Sun Microsystems, Inc. (NASDAQ: SUNW) executives Scott McNealy,
chairman and CEO, will deliver keynote presentations on Feb. 14 at the RSA Conference.  At the RSA
Conference in San Jose, Calif., Scott McNealy's keynote presentation will address the need for a
systemic security approach to both protect and enable opportunities the network provides.

Scott McNealy's keynote presentation, "Tear Down the Walls -- Embrace Risk and Opportunity Through
Security", will take place Tuesday, Feb. 14 at 9:50 a.m. Pacific. The RSA Conference is being held
at the McEnery Convention Center in San Jose, Calif. from Feb. 13-17. Information about the 
conference can be found at

Additional Sun Activity at RSA Conference

Sun will host a customer luncheon with security experts Whitfield Diffie and Radia Perlman. Held
on Tuesday, Feb. 14, the lunch will provide an opportunity to learn more about Sun's systemic
approach to security. For more information and to register for the luncheon, please visit

In the Sun booth, number 515, visitors can view demonstrations and discuss Sun's integrated
technology solutions. In addition to McNealy's keynote, several Sun executives will be 
participating in presentations and panels at the RSA Conference, lending expertise on topics
such as identity management, cryptography, data management and cross platform security.
Additional Sun presentations at RSA Conference include:

Tuesday, February 14

    \* 10:35 a.m. Pacific - Whitfield Diffie, chief security officer
      The Cryptographers Panel
    \* 11:45 a.m. Pacific -- James Hughes, Sun fellow
      Storage Security -- Use of Encryption to Protect Data at Rest
    \* 2:00 p.m. Pacific - Yvonne Wilson, architect
      Implementing Federated Identity: What Products Do You Need?
    \* 3:25 p.m. Pacific - Rafat Alvi, senior architect, CTO Office
      Trusted SOA: An End-to-End Trustworthy Services-Oriented Architecture
    \* 4:30 p.m. Pacific -- Rags Srinivasan, CTO, Technology Evangelism
      Secure Cross-Talk Between Java and NET Platforms Using WS-Security 

Thursday, February 16

    \* 2:00 p.m. Pacific -- Michelle Dennedy, chief privacy officer
      The Policy of Identity: Privacy Rules
    \* 2:00 p.m. Pacific -- Nancy Hurley, director, Data Management Group Software
      Integration of Data Management ILM Systems
    \* 3:25 p.m. Pacific -- Radia Perlman, distinguished engineer
      The Information Protection Wars 

Friday, February 17

    \* 11:10 a.m. Pacific -- Hanumatha Neti, director, IT Security and Danny Smith, IT
      security specialist
      Security Metrics -- How Six Sigma is Helping Security in Large Enterprises 


This area of cyberspace is dedicated to the goal of raising cybersecurity awareness. This blog will discuss cybersecurity risks, trends, news and best practices with a focus on improving mission assurance.

