March has been a rough month for the Cyber Security community.
On March 2, Howard Schmidt, one of the industry’s first CISOs (if not the first) and former cyber security advisor for two presidents passed away from cancer.
If that wasn’t bad enough, on March 15 - the Ides of March - we lost Becky Bace - a much beloved security strategist, technologist, academic, researcher, author, connector-of-people, mentor, raconteur and self-defined Infidel. She was known as the “Den Mother of Information Security” and loved by many.
Talk about a one-two punch.
I met both of them right around the same time. I was the external PR person for several Trident Capital companies - Sygate, TriCipher, Thor, AirTight and KSR (now Neohapsis).
Howard was on the board of Sygate (and TriCipher?? I forget...). Becky did technical due diligence for Trident, and was hands-on with all of the ones I worked with. I used both of them as spokespeople, regularly, which is how I got to know them.
Collectively, they played a major role in ushering in a generation of cyber security professionals. Fittingly, Howard’s life and times warranted a New York Times story and several loving trade press articles. In many ways, he was the face of the Cyber security profession - its ambassador to the world at large. But Becky…she was its heart.
Becky was as seminal a presence as Howard, but in a different way. If the cyber security industry was a car (Becky always did like analogies…), Howard was the headlights, illuminating the way forward. Becky - a technologist, academic, teacher, and nurturer at heart - was the chassis, built by design to bring people along for the ride, safely.
Becky was undeniably brilliant. She was funkier than Howard, maybe even slightly kooky, but in the very best way. I mean, how many Japanese people do you know that speak with a(n American) Southern twang?
When I met Becky I was just getting my footing in the PR world and had naturally gravitated towards cyber security (then called “infosec”) as an area of expertise. Having entered the workforce relatively late - after a detour down what most might consider an unconventional path - I felt a kinship with hacker-types. I was especially drawn to those whose contributions were valued enough to where any potential non-conformity was accepted.
Becky for me was living proof that I could excel professionally without having to posture or pretend to be anything I wasn't. That was news to me at the time, and I was overjoyed.
I worked more closely with her for longer than I did with Howard, plus for a while we lived in close proximity to each other (I lived in downtown San Jose, she and Terri lived in the “Republic of Scotts Valley”). It was during that time that I really got to know her. And to know Becky is to love her.
That’s why the news of her passing is such a gut punch. Like my friend Jon Brody said when he texted me about her passing, “this one hurts.”
And the stories on Becky are beginning to post – in SC Mag, in CSO, and her partner Terri is posting personal reflections and memories of Becky at infidel.net.
Beware the Ides of March – someone important always seems to die on that day.
I’ll miss you Becky. Rest in Peace.
To Howard Schmidt, InfoSec's Godfather and all around Good Egg - Rest in Peace and thank you for your service...
Welcome to my new website...this site refresh is the first one I have done since 2008, making it way overdue.
While there is a new post coming (first in a while), I wanted to take a minute to re-post two ten year old posts (almost!) from when I first started consulting, as they are the only two I'll be porting over from my old site.
Back in 2008, IoT wasn't yet a thing, the CISO role (as opposed to CSO) was just emerging, and regulatory compliance was the main driver for new information security investment. And...infosec was referred to as infosec; it had yet to become "cyber"-ized. And while I never got actual attendance numbers, in light of the recession, 2008 RSAC attendance was believed to be lower than usual....likely the last time for a long time that that will be the case - thanks to the endless parade of mega breaches, cyber security has hit the mainstream...
But that's another topic for another post. For now, saved for posterity, here's my RSAC 2008 post:
Fear and Loathing on the Expo Floor
The buzz on last week’s RSA Conference is that as big as it was, and despite a large and diverse agenda, with DLP, PCI, and virtualization as the clear topics du jour, the show seemed to be missing its usual intensity. Exhibitors were out in full force, yet the turnout seemed to be less than last year -- unsurprising given the widespread acknowledgement of flattened or decreasing security budgets. Not to mention the gala was met with a thumbs down by a surprising number of people.
That said, the RSA Conference is still the preeminent security event of the year, and there is still plenty to be had for those looking. Ericka Chickowski of Baseline Magazine and I were definitely looking, and decided to drum up a little hype at the industry’s biggest hype-fest. Who better to join forces than a PR person and a journalist to poke fun at the marketing frenzy that is par for the course on any expo floor but times ten at RSA.
We hit the floor, camcorder in tow, looking to have a little fun with vendors around their irritating habit of inundating the press with pitches explaining how they could have prevented headline-worthy breaches. We decided to offer them a prime opportunity to weigh in on the Hannaford breach and specifically, how their solution could have prevented it.
Some fell for the bait, and some were either onto us or knew how to work it…
To the credit of just about all the people we interviewed, the conversation took on a deeper tone. Because Hannaford was PCI compliant (or were they…?) the conversation ultimately became focused around the ongoing conundrum caused by security and compliance still being mutually exclusive. While the ambiguity of SOX might have caused a certain amount of needless investment, PCI is a data security standard, which would imply that investing in PCI would result in a more secure infrastructure. Is that really the case? To check out the unedited interviews, click here
Check out the video below...and before you cringe over the production values, this was filmed with a JVC camcorder, edited with....some video editing program for Windows, in the press room, done in a couple of hours....