IT jobs shortage? Slide over to security

IT jobs are getting scarce again, and I believe it. I don’t have a cure but I have a suggestion: Specialize. Specifically, specialize in security.

Why? Turnover. Turnover in my department is rampant, because other companies offer my coworkers more money, a promotion, or something tangible to come work for them. I asked our CISO point blank if he’s worried. He said unemployment in security is 0.6 percent, so this is normal. What we have to do is develop security people, because there aren’t enough of them.

I made that transition, largely by accident, so I’ll offer some advice.

Listen to this if you think a router makes you invincible

One myth that I hear over and over is that having a router on your Internet connection makes you invisible, and makes you somehow invincible. I even heard someone say recently that if you have a router/firewall, you don’t need to run antivirus software.

Security researcher HD Moore appeared last week on Risky Business and he talked about ways that entire classes of routers can be compromised. Give it a listen.

Microsoft was wrong whether it patched XP this time or let it burn

Years ago I heard a joke that reminds me of the situation Microsoft found itself in last week with its latest IE vulnerability:

If a man is alone in a forest, and there’s no woman there to hear him, is he still wrong?

I was as shocked as anyone when Microsoft released just one last Internet Explorer patch for Windows XP on May 1. I can argue either side of the issue, but I don’t think I can argue either side convincingly enough to get a simple 50.1% majority of people to agree with me, because I’m not sure I can argue either side of the issue convincingly enough that I would agree with myself.

I think it’s important that 26% of all web traffic is still coming from Windows XP today, nearly three weeks after it went end of life. That likely played into the decision. Microsoft was in a no-win situation here, and they had to decide whether they wanted to lose 1-0 or 24-1. So I don’t think it matters all that much, but here are the pros and cons of each side, as I see them.

The publicity around security is a good thing

On one of the podcasts I listen to, two of the hosts questioned whether the publicity around recent security vulnerabilities is a good thing.

As a security professional who once studied journalism, I think it’s a very good thing, and it’s going to get better. I liken it to the rise of computer virus awareness.

IT security vs. the construction industry

On the Risky Business podcast last week, Andrew Wilson, the CEO of Australian cryptography gear maker Senetas, stated that many businesses see the bad things that happen from poor IT security as just a cost of doing business.

Nothing revolutionary there. We’ve all seen it. Target is paying a steep price right now, but what about Michaels and Neiman Marcus? They got breached at the same time as Target, and nobody’s talking about them. Maybe Target thinks the cost of doing business got too high, and they’ve hired a CISO and I hear they’re hiring lots of new security personnel–I have coworkers and former coworkers in the Minneapolis area who tell me as much–but for Michaels and Neiman Marcus, the cost, at least so far, appears to have been manageable.

But Wilson added something that I hadn’t heard anywhere else before. Fifty years ago, he said, construction workers dying while building a large building was considered a cost of doing business. Fifty years ago that was normal. Today it’s unacceptable.

Losing the luster of Christmas–and something of a cure

The Kansas City Star published a forlorn editorial this week about the struggles of many people this Christmas.

I can relate. I’m much better off than many people, but this is the third Christmas in a row where my job has a hard end date attached to it. And this year, for the first time in my career, I made less money than I did the year before. For me, Christmas has been the worst day of the year for a very long time, because I know I can’t live up to everyone’s expectations of me.

But I’m better off than a lot of people. Right now I have a job. Some of my former coworkers took bigger pay cuts than I did this year, or they’re still looking. And, as bad as this year has been, I think everyone needs to go without work for a month or so sometime in their life. I think I have something that can help, but I’m gonna make you read something first. Or at least scroll a lot.

The three things that make a difference

So I was talking with my boss’ boss’ boss one day last week about parenting. He was talking about sending his kids to Montessori school and what an advantage it was, but how much it cost, and, well, I agree. Two years of Montessori school had me reading at a third grade level before I started first grade, and my math skills were pretty advanced too, even though I already didn’t like math. Then he paused and said, somewhat whimsically, that it doesn’t make much of a difference.

There are only three things a parent can or can’t do that make a big difference in how their kids turn out, he said.

How I find podcasts to listen to

Last week I raved about podcasts, and a reader comment asked how I find them. Good question–worthy enough to be the subject of a post, rather than just a two-line comment in response.

There are several ways to find them, and I think it’s worth the effort.

Taking back the drive time

Several months ago, I started listening to security podcasts in the car during my commute. I probably have my annual CPE requirement tripled by now–I’ll go submit my 30 in a week or two, and I don’t see much point in tracking it beyond that–but, more importantly, I’ve increased my professional awareness.

Use Audacity to sneak an extra podcast in each week

If you don’t mind your podcasts sounding like chipmunks, you can shave 10-15 minutes off their length by loading the MP3 into Audacity before sneakernetting it to your car. Simply download and install Audacity, install LAME for MP3 support, then, when you download your podcast, load it into Audacity, select the “Effect” menu and choose “Change Speed,” then enter 20% and click “OK.” You may need to experiment a bit. Then save the file to your MP3 player or USB media and you’ll have it for when you’re on the go.

The benefit, of course, is that if you can keep up with it, those 60-minute podcasts drop down to more like 45-50 minutes, so in theory, if you listen to five of them per week, you can get a sixth one in.