Articles in Moguls and Leaders
An Interview with David Hoelzer, author of DAD, a log aggregator
An interview with David Hoelzer describing DAD, an open source Windows
event log and syslog management tool that allows you to aggregate logs
from hundreds to thousands of systems in real time.
View full post on SANS Technology Institute – Security Thought Leaders
Caleb Sima, CTO for SPI Dynamics
Stephen Northcutt interviews Caleb Sima about the development of Caleb’s company, SPI Dynamics, and the increasing need for solutions for web application security.
View full post on SANS Technology Institute – Security Thought Leaders
Brian Chess, Chief Scientist for Fortify Software
Brian Chess, Chief Scientist for Fortify Software, talks with Stephen Northcutt about static analysis and other web application security solutions.
View full post on SANS Technology Institute – Security Thought Leaders
Dinis Cruz, Director of Advanced Technology, Ounce Labs
Dinis Cruz, Director of Advanced Technology for Ounce Labs, talks with
Stephen
Northcutt about the many facets of OWASP, as well as the important
questions that need real answers in order to develop secure web
applications.
View full post on SANS Technology Institute – Security Thought Leaders
Ryan Barnett, Director of Application Security Training at Breach Security, Inc.
Ryan
Barnett, Director of Application
Security Training at Breach Security, Inc. talks with Stephen Northcutt about the current state of web application security.
View full post on SANS Technology Institute – Security Thought Leaders
Sites we like
Stolen Computer AlertHow to become the world’s No. 1 hackerGregory Evans is the World’s No. 1 Security Consutlant
Interview with authors of The Art of Software Security Assessment
The Leadership Laboratory recently posted a book review of The Art of Software Security Assessment. The book raises a number of issues that we would love to explore further and the authors, Mark Dowd, John McDonald and Justin Schuh have graciously agreed to an interview. One section was titled Code Auditing and the Development Life Cycle and we used that as the basis of …
Mike Weider, CTO for Watchfire
Stephen Northcutt interviews Mike Weider, CTO of Watchfire, regarding recent trends in web app vulnerabilities as well as his company’s solutions for web application security.
View full post on SANS Technology Institute – Security Thought Leaders
Interview with Charles Edge
Charles Edge talks with Stephen Northcutt about security issues in the Mac world; even though the core OS is pretty safe, there are vulnerabilities that every Mac user should be aware of.
View full post on SANS Technology Institute – Security Thought Leaders
Interview with Dr. Robert Arn, CTO of Itiva
The Leadership lab came across an interesting company, Itiva. Their CTO, Dr. Robert Arn, was kind enough to share his time and thoughts with our readers, and we certainly thank him for his time.
View full post on SANS Technology Institute – Security Thought Leaders
Kishore Kumar, CEO of Pari Networks
One of the ongoing research projects in the Security Laboratory is to work with the thought leaders in information security to get an understanding of their vision for our industry. We have recently had the honor of working with Kishore Kumar, CEO of Pari Networks, and we certainly thank him for his time.
View full post on SANS Technology Institute …
Dr. Anton Chuvakin, Chief Logging Evangelist with LogLogic
Dr. Anton Chuvakin from LogLogic is probably the number one authority on system logging in the world, and his employer is probably the leading vendor for logging, so we appreciate this opportunity to share in his insights.
View full post on SANS Technology Institute – Security Thought Leaders
Marty Roesch, Sourcefire CEO and Snort creator
I keep thinking about the news reports that Chinese hackers managed to exfiltrate six terabytes of sensitive data from a large number of systems belonging to the Department of Homeland Security in November 2007. It seems like that would be impossible to do without being detected. But, I have to wonder, since the famous Richard Stiennon paper, Intrusion Detection is Dead, organizations have been replacing …
Leigh Purdie, InterSect Alliance, co-founder of Snare
Perhaps, one of the hottest topics in 2008 is log file analysis (who would have guessed). And while the commercial tools are getting a lot of the press, an open source and also commercial tool is ending up on a lot of systems. It is called Snare and Leigh Purdie is the thought leader behind the project. He has been willing to invest the time …
Kevin Kenan, Managing Director, K2 Digital Defense
Imperva and a few other vendors are starting to understand the importance of database security and release product, but Kevin Kenan, Managing Director, K2 Digital Defense picked up on this long ago.
View full post on SANS Technology Institute – Security Thought Leaders
Gene Kim, Tripwire
Gene Kim is one of the original authors of Tripwire, a software product used to manage configurations and change. Gene is willing to share his thoughts on virtualization with the Security Laboratory thought leadership series, and we certainly thank him for his time!
View full post on SANS Technology Institute – Security Thought Leaders
Bill Johnson, CEO TDI
Bill Johnson, CEO TDI, was the first person in the industry, that I am aware of, to sound the clarion call that we might be vulnerable to attacks via the Baseboard Management Controller (BMC). That certainly qualifies him as a security thought leader, and we thank him for his time.
View full post on SANS Technology Institute – Security Thought …
Gene Schultz, CTO of High Tower
The Security Laboratory is pleased to interview Dr. Gene Schultz, one of the most experienced security practitioners in the field.
View full post on SANS Technology Institute – Security Thought Leaders
Andrew Hay, Q1 Labs
Andrew Hay, one of the authors of the popular OSSEC Host-Based
Intrusion Detection Guide and upcoming Nagios 3 Enterprise Network
Monitoring book has agreed to be interviewed for the SANS Security
Thought Leader series.
View full post on SANS Technology Institute – Security Thought Leaders
Amrit Williams, Chief Technology Officer, BigFix
Amrit Williams, Chief Technology Officer at BigFix, was formerly a research director in the Information Security and Risk Research Practice at Gartner, Inc. He is certainly a security thought leader and if you have not been introduced to him before, we are sure you will find he has some interesting out of the box opinions.
View full post on SANS …
Doug Brown, former Manager of Security Resources, University of North Carolina at Chapel Hill
One of the important concepts that we want to explore in security thought leadership is the idea of group or team thought leadership. And so we are looking for examples of teams that exhibited security thought leadership. Doug Brown, former Manager of Security Resources, University of North Carolina at Chapel Hill, was on a team that exhibits many of the characteristics of security thought leadership.
View …
Bill Worley, Chief Technology Officer, Secure64 Software Corporation
At larger conferences, the SANS Institute has a vendor show, and I like to attend to find out about new companies and new technology. There was a vendor at our last show in Las Vegas, Secure64. I had never heard of them, so I wandered over and we had a great chat. They are a DNSSEC vendor who sells a product based on the HP …
Leigh Purdie, InterSect Alliance, co-founder of Snare: Evolution of log analysis
We asked Leigh Purdie if he would give us an update on Snare and log analysis, as a follow to our interview with him in March, 2008, and we certainly thank him for his time.
View full post on SANS Technology Institute – Security Thought Leaders
John Pirc, IBM, ISS Product Line & Services Executive: Security and Intelligent Network
John Pirc from IBM’s Network Security Solutions has agreed to be interviewed by the Securitylab; we certainly thank him for giving us his time to discuss security and the Intelligent Network.
View full post on SANS Technology Institute – Security Thought Leaders
Chris Petersen, Chief Technology Officer, LogRhythm
Chris gives us his vision on the current state of log and event management as well as some specifics about LogRhythm.
View full post on SANS Technology Institute – Security Thought Leaders
Mike Yaffe, Director of Product Marketing, Core Security Technologies.
Most of the interviews that we have done in this series have been focused on technical people, but we believe Mike Yaffe is a game changer.
View full post on SANS Technology Institute – Security Thought Leaders
Jeremiah Grossman, Founder and CTO of WhiteHat Security
Jeremiah Grossman, founder and CTO of WhiteHat Security, talks with
Stephen
Northcutt about the state of web application security as well as WhiteHat’s approach to website vulnerability assessment and
management.
View full post on SANS Technology Institute – Security Thought Leaders
