Archive for the 'Security Industry' Category

Tracking Risk

July 28, 2008

The team I run at Microsoft is called the Connected Information Security Group (CISG) and we build software that powers the corporate information security program. We had some funny videos made that liven up internal presentations and meetings. I thought I would share them with you. This one is called “Tracking Risk”. Enjoy !

Torvalds on the "Security Circus"

July 18, 2008

According to CNET, in an e-mail to the Linux kernel developer mailing list, Torvalds said a section of the security industry was dedicated to finding bugs in software only to publicize their findings and gain notoriety.
Torvalds wrote that disclosing the bug itself was enough, without having to label each individual security flaw. He added [...]

The Real 80 / 20 Rule

June 10, 2008

It’s all about the framework (again)!

GRC - Why It’s of LIMITED Interest to Me

June 10, 2008

I wanted to post a “rah rah” message to Rich Mogul when he posted that GRC platforms Are Dead. He was so spot on in my humble opinion that he made me smile for a week or so. I may be a bolshy arrogant git confident but reassurance from smart people is always comforting. Today [...]

Social Networking, Crowd Sourcing and Security

June 10, 2008

I thought I posted this a while back so my apologies. At the OWASP Conference I spoke about social networking and how it may be applied to the security domain in the future. I used the slide below.

In a related but unconnected event, that Friday someone on the team sent out a simple spreadsheet [...]

I am changing my blog subscriptions - Your help is needed

June 10, 2008

I am bored of the same old crap coming across my feed reader so I have decided to experiment; be ruthless and un-subscribe from anything that I don’t read (value) regularly and look for new fresh thinking and opinions. Sure the odd gem can be, well a “gem” and I may miss them but I [...]

Checklists Are Not For Dummies, Dummy!

May 24, 2008

At the OWASP Conference in Belgium this week I had a slide about checklists.

This is the story behind the slide. My boss at Microsoft has a friend who is a pilot. He did his pre-take-off checklist and was cleared to taxi onto the runway by air traffic control. He consulted his checklist one [...]

Presenting Security Ideas or Driving Agendas?

May 24, 2008

I opened the OWASP Europe Conference this week with a slide (below) about vendor neutrality.

In essence I urged attendees to consider the motivations of those presenting various ideas at the conference; including myself of course. During the conference it was pointed out that the moderator of a panel “The PCI 6.6 Dogfight - [...]

United Web Apps on All Devices?

March 6, 2008

That’s right, it’s the Mesh. Security implications galore... I hope there will be some amazing security SOA folks developing these apps.

Tenets of Effective BPM

February 28, 2008

It’s no real secret what I am doing at Microsoft although I haven’t really blogged about it much. I do plan to start in the coming weeks with some long posts about platforms, information security BPM, applying business management techniques to the information security discipline, dashboards and business intelligence etc.
Before I do that and hot [...]