John Pescatore

A member of the Gartner Blog Network

Entries from October 2009

The Business of Automating Security Content

October 28th, 2009 · No Comments

Yesterday I spoke at the 5th annual NIST Security Content Automation conference in Baltimore. A few years ago I spoke at the 2nd or 3rd SCAP conference, which was then a much smaller event held at NIST headquarters in Gaithersburg. The conference attendees then were mostly government security staff and managers, with a few small [...]

Tags: Uncategorized

Twelve Word Tuesday: Northwestern Pilots Highlight the Myth of the Responsible User

October 27th, 2009 · No Comments

Pilots play with laptops, miss airport; users click, install malware – eternal battle.

Tags: Uncategorized

Risk Is Just Like Obscenity

October 23rd, 2009 · 1 Comment

Yesterday at our last security session at Gartner’s annual Symposium, I chaired a debate called “Is Government Regulation Required to Increase Cybersecurity?” The panelists were Gartner analysts French Caldwell, Paul Proctor and Earl Perkins. Basically, I was against government regulation and those three were for it.
Essentially, French felt regulation done right was needed and would [...]

Tags: Uncategorized

Czar Wars – The Silliness of Hoping Moses Will Come Down With The Ten Security Commandments

October 22nd, 2009 · No Comments

Dark Reading has a piece on US Department of Homeland Security Secretary Janet Napolitano weighing in against the need for a Cabinet-level cybersecurity position. I agree big time – even though Secretary Napolitano’s position is surely based on protecting DHS’s charter.
Many have this vague hope that if government were to issue security regulations or if [...]

Tags: Uncategorized

Who Moved My Soap – The Best Security Reacts Quickly to Change

October 21st, 2009 · 1 Comment

This is the 11th year I’ve presented at Gartner’s annual Symposium in Orlando, Florida. The terrorist attacks of 2001 and the dot com bust of the same timeframe caused a lot of changes back then but for the last 8 years it has largely been the same. The same type of room in the Swan [...]

Tags: Uncategorized

Twelve Word Tuesday: The Cellphone as the Elusive Second Authentication Factor

October 20th, 2009 · 4 Comments

Most people take way better care of their smartphones than their passwords.

Tags: Uncategorized

At Gartner Symposium: Gartner Uses Every Part of the Analyst, Including the Oink

October 19th, 2009 · No Comments

This week I’ll be sucked into the Gartner IT Symposium vortex, where life is pretty much a constant rotation of 1-1 meetings with attendees, giving presentations, doing the normal inquiry phone calls with Gartner clients, and sneaking time online to work off the never-ending flow of email.
Looking through my calendar at the one-on-one attendee meetings [...]

Tags: Uncategorized

That Was One Whopper of a Vulnerability Tuesday

October 14th, 2009 · 2 Comments

Not only did Microsoft come out with a huge list of critical vulnerabilities yesterday (including a critical Windows 7 patch), but Adobe joined in with a whopper list of their own – 29 individual CVE numbers. Many of the Adobe vulnerabilities have had active exploits out already, so patch pushing is high priority. If your [...]

Tags: Uncategorized

Thirteen Years Ago Internet Security Became a Business

October 12th, 2009 · 3 Comments

Hanging on my keychain is a brass medallion. On one side it says “Trusted Information Systems Inc. – Building a World of Trust” and on the other side it says “TISX – IPO October 10, 1996.” Sometime earlier that year, or late in 1995, Checkpoint had also gone public and many other Internet security pureplays [...]

Tags: Uncategorized

Warning About Dirty Bits Not As Good As Blocking Dirty Bits

October 9th, 2009 · No Comments

Comcast announced that its Internet service customers would get free “Constant Guard Security Program” features, which basically means McAfee software for their desktops and a Comcast browser toolbar that ties in anti-spyware and phishing alerting from CA.
Now, this is better than Comcast doing nothing, but it basically means Comcast will carry the malware all the [...]

Tags: Uncategorized