Tuesday Apr 26, 2005

Sun's CPO in Action!

Check out Sun's Chief Privacy Officer, Michelle Dennedy, in action at the Security Leadership Council Online Conference and Expo on April 28th at 12 PM Eastern. The online conference runs for two days starting April 27th. Michelle is a speaker for the Leaders Roundtable session, "COMPLIANCE IN THE COURTROOM: Security Practices Must Stand Up in Court", and will be joined by Matt Curtin and Steven Brower.

The abstract for the session is:

The whole point of Regulations & Compliance is to turn certain practices and methodologies into legally binding mandates that are enforceable in a court of law. Compliance practices, while good in and of themselves, have to be implemented with a very strong legal focus to ensure full demonstrability in the eyes of the law, should the need to do so arise. This session will discuss cyber forensics & e-incident investigation, as well as the legal and technological ramifications of demonstrating compliance in the courtroom.

The site does require free registration and that you RSVP for the sessions that you wish to attend.

Friday Mar 25, 2005

I'm not dead yet!

It has been a very long time since my last post, and for that I apologize. I have a good excuse, honest! I was off for most of January with the birth of my second son. Following that, as you can imagine, when I came back I needed to spend a good deal of time unburying myself from e-mail, v-mail and project deliverables. So, now that I am nearly unburied, I can safely proclaim that I am not dead yet!

I wanted to take a few moments to catch you up on a few things that I have been doing over the last two months or so. I will also preview a few things that will be coming up...
  • Upon my return from leave, I presented at the RSA 2005 Security Conference held in San Francisco, CA. I had the honor of presenting on the topic of "Adaptive Security for Dynamic and Consolidated Environments" with Dave Walker and Peter Charpentier. It was quite a blast!

  • I have continued my work as a member of the Unix Benchmark Team for the Center for Internet Security. Most of the recent work has been on the development and refinement of the Solaris 10 Security Benchmark. I have to say that in large part due to the teamwork displayed by that organization, the Solaris 10 Benchmark has come together very quickly and should be ready to release soon.

  • I have also been working on converting some of my Solaris 10 Security blog articles to become Sun BluePrints Cookbooks. The first of such to be converted was the Automating Solaris 10 File Integrity Checks. It was published this month. It looks like at least one more will be published next month. Don't think that this is just a rehash of the blog however. We did actually go in and add new clarifications, examples, and other content! Also, I would like to acknowledge Darren Moffat and Scott Rotondo for their careful technical review of the article. Thank you very much.

  • I have also been working on new material. Hopefully in either the April or May edition of the Sun BluePrints, you will see a new article titled something like Limiting Service Privileges in the Solaris 10 OS. The paper is done; it is just a matter of getting it through the necessary processes.

  • I have been doing a lot of customer briefings on a variety of topics. Most of my briefings are deep dives into Solaris 10 security features and capabilities. In fact, just last week I presented to over 300 customers in both New York, NY and Somerset, NJ on those topics. It is absolutely incredible the things that you can accomplish with Solaris 10 in the security space.

  • I have also been preparing a talk that I will be giving on April 4th at the EDUCAUSE Security Professional's Conference in Washington, DC. The subject of my talk will be "Systemically Secure Architectures". If anyone reading this will be there, please be sure to stop me in the hall and say 'Hi'!

  • I have also been accepted to present at the New York State Cybersecurity Conference. The subject of my talk will be "Lessons from the Trenches: Solaris Security Best Practices". Hope to see you there!

Those are just a few of the things that I have been working on recently - that I can talk about of course. ;-) I hope to do another posting with yet another Solaris 10 Security tip in the very near future.

Also, before signing off, I have to send some kudos to the Solaris Security Toolkit team. Thanks to their hard work and determination, we can now proudly say that the Toolkit has become an official Sun product that is supported under the Solaris Support contract. Great work everyone!

Take care,

Monday Oct 25, 2004

OEM Business Forum with Sun Microsystems

I have been away for a while due to vacation, customer visits and preparation for a few upcoming conferences. I will be back soon with more Solaris 10 Security information and tips. In the meantime, you will be able to catch me this week at the Sun OEM Business Forum being held in Rochester, NY. I will be presenting on the topic of designing and building secure OEM business solutions.

Others speaking at the event include:

  • Colin Fowles, Director, Sun OEM Business Office
  • Patrick Petschel, Director, Market Development, Nu Horizons Electronics Corp.
  • Dr. Bob Sproul, VP & Fellow, Sun Labs of Massachusetts
  • David Towne, Manager Sun Compliance Engineering
  • Trey Talbott, Client Services Architect
  • Gordie Klueber, Technical Architect, CTO Office, Sun Microsystems Labs

You can find more information on this event at:


Special thanks to Nu Horizons Electronics, Inc. for sponsoring this event.

Monday Oct 04, 2004

2004 Annual Fall Computer Security Symposium -- UNCC

Security pros to share secrets at UNC Charlotte

As information technology has advanced, it has increasingly become the key to efficient business communication. The spread of such technologies - and the consequent reliance on them - requires a commitment to understand and minimize the threats that could compromise the facility, privacy and integrity of network data.

Leading researchers and practitioners in the fields of information security will delve into these issues and discuss solutions during the Fall Computer Security Symposium at The University of North Carolina at Charlotte. Secret Service agent Tony Marino and Sun Microsystems Chief Security Officer Whitfield Diffie are among those sharing their expertise during the October 13th program in the Cone Center's McKnight Hall. Attending cyber security professionals, including business continuity professionals, IT managers, software developers, systems administrators, information security professionals and policy makers will have the opportunity to question the experts. Registration begins at 8:30 a.m. with sessions running from 9 a.m. to 4:30 p.m.

Other top cyber security leaders to present will be:

  • Kent Blossom, Director of Safety and Security Services, IBM
  • Al Decker, Director, Security and Privacy Services, EDS
  • Tom Fisher, CIO, Qualcomm
  • Brad Ipema, Attorney, Wachovia Bank
  • Kevin Kealy, Security Scientist, AT&T
  • Wynn Mabry, Director, Homeland Security, Mecklenburg County
  • Joan Myers, President, North Carolina Electronics and Information Technology Association
  • Ed Paradise, Vice President and General Manager, Mobile Wireless Group, Cisco
  • Rebecca Whitener, Director, Privacy Services, EDS
  • James A. Whittaker, Associate Professor of Computer Science, Florida Institute of Technology

The symposium's sponsors include: UNC Charlotte's College of Information Technology and the university's Charlotte Research Institute, which draw on their extensive research and educational programs in computer security. The College of IT's program was recently redesignated by the U.S. National Security Agency as a Center of Academic Excellence in Information Assurance Education.

In addition to UNC Charlotte, sponsors include the North Carolina Electronics and Information Technology Association, the Information Technology Council of the Charlotte Chamber of Commerce and InfraGard.

For details & registration on this year's symposium, please visit http://www.coit.uncc.edu/symposium/2004/site/index.cfm.

To complement the 2004 Cyber Security Symposium, on Wednesday, October 13th, there will also be a radio broadcast. "Charlotte Talks", a production of WFAE FM 90.7, will host Whitfield Diffie (Sun Microsystems Chief Security Officer), Rebecca Whitener (Director of Privacy for EDS) and Tony Marino (Special Agent for the Secret Service) to address certain questions regarding Identity Theft.

You can listen via the radio or the Internet at FM 90.7.

Common Criteria User's Forum

The Common Criteria User's Forum will be held this week in Washington, DC. Specifically, the event will begin on Wednesday, October 6th and conclude on Thursday, October 7th. The cost of this event is $100 for non-government employees. For U.S. government employees, the fee is waived.

(From the web site), the goals of the forum are to:

  • Recommend practical means to improve the Common Criteria processes and standards to make them a truly viable mechanism toward improving COTS product security for not only the Government, but for all customers.
  • Present the opportunity for all parties to express their perspectives on the issues raised and to identify realistic means to resolve them.
  • Provide an open forum to discuss and resolve the apparent differences between the views of commercial entities and NIAP.
  • Develop a specific plan of action for the recommendations from the NIAP Review and the Task Force Report as well as any additional recommendations developed by the attendees.
  • Begin to share Common Criteria experiences as a means of educating all stakeholders.

It looks like it will be both a fun and constructive event. I would encourage anyone interested in the future of the Common Criteria to stop by if you can. I will be moderating a session on day 2 entitled "Common Criteria Requirements for Commercial Users". This session will focus on what is needed to make the Common Criteria more relevant and appropriate for use in the private sector. It should be quite a discussion! If you are able to drop in, please say hello!

I will hopefully be getting back to my list of lesser known and/or publicized security enhancements to the Solaris 10 OS in the next day or so. Until then, thanks for reading and take care!


This area of cyberspace is dedicated to the goal of raising cybersecurity awareness. This blog will discuss cybersecurity risks, trends, news and best practices with a focus on improving mission assurance.

