Almost a Year In...

Woah, it's been almost a year since I have posted an update on the blog. Most of my discussions and ideas have been pushed mostly through Twitter.

The simplest of reasons... Work has been eating my time up and when it wasn't work I was fighting uncontrollable pains in my legs. Well after 4 or 5 different tablets, finally found one that is controlling the pain and has minimal side effects.

I would tell you to watch this space once more, but to be honest, i am not sure at all when I will be able to post on a regular basis! Thanks for watching & reading, keep following me on Twitter.

Related Links:

• FVT on Twitter

Once Again We Bid Farewell to a Beloved Cat! RIP Gwen

Here we are again on a sad day for our beloved pets. Just shy of 19 years but going on a thousand (she aged with grace all the while being the grumpiest sod on earth), Gwendoline was bade a fond farewell today (2009-10-27) with great hesitation but compassion. Time had come to pass as Gwen's health had been seriously degrading over the past few days...

We had been hesistating for awhile as she kept pinging back to a pseudo state of well being. Our running joke was that she would outlive us all or at least her cat siblings out of pure jealousy and spite. But yesterday, her mother and I realised that her health had taken a big fat slap in the face, which was confirmed by the Vet this morning (very little to do and it would only help her for a couple of days) as with advanced age comes the slow detoriation of critical body functions like bowel, bladder & mind. So this morning around 10:00, Gwendoline drifted off to a better place!

There are fond memories of Gwen as she has always been very close to both of us despite her inate jealously of all over cats (except Mogwai)! At one point she was even jealous of our own relationships and was quickly renamed my second wife as she would force herself between us in bed.


Overall, however, she seriously preferred her mother and as she grew older became a permanent appendage on her arm. She did love us greatly and continuously demonstrated her affection toward us all.

Gwen will be remembered as the much loved jealous queen of the manor! ;-)

Farewell and R.I.P.

PS: don't worry, life goes on, the populus was augmented just last week with one female black entity (Beauty - the basement cat).

Thus Begineth a New Chapter in my Career

Tomorrow [1 October 2009], I am embark on a new job and role. I am moving away from the general IT consultant & internal architect role in the big corporate environment to a more focused architect/consultant role for a security software company. I will be more focused on helping customers pull together IdM solutions using the company's product.

This will be an interesting change providing a much more focused activity on one specific subset of security but I hope to carry on exploring the vast and interesting subject that security is. My last position lasted almost 10years and in itself was quite interesting considering the variety of activities and projects I was involved in. This new position will be just as challenging if not more as I will be participating in the growth of this company as it evolves internationally (they are already a major player in the domain in this country and are planning to expand heavily in the rest of Europe, middle-east and the US).

On the other side and for my personal growth, I am still working on a few things including passing my GCIH (that happens next wednesday), doing the CISSP (end of October) and continuing to look at developing for the iPhone & Android platforms. Hopefully, I will also be able to finalize a couple of blog entries I am working on the subject of the real-time web, a micro-blogging feature request and some thoughts on Vanish.

Wish me luck!

A Fun Way to Understand AES!

Constantly on the look out for information on encryption and better understanding of the mechanisms behind algorithms, I was amused to discover this morning the MoserWare's A Stick Figure Guide to the Advanced Encryption Standard (AES).

The information presented is significantly accurate but presented in a humorous plain cartoon format. Quite enjoyable! What was interesting is that it goes back to the history of how AES came about and presents a basic overview of how block ciphers work...

Application Updates Tops Cyber Security Risk, Real World Fix is More Complex

A few days ago, SANS released it's new Top Cyber Security Risks report with a new interesting twist to the usual well-explored risks (such as web server vulnerabilities). The new risk that is highlighted quite effectively is the problem of application vulnerabilities which have had an increase and become much more visible. A good example of this has been the ongoing reports of vulnerabilities in Adobe products such as Flash and Acrobat.

Part of the issue that is highlighted by the report is the slow turn-around to deploy application patches/updates to reduce the risks and fix certain vulnerabilities. This is in fact no surprise! Having spent a number of years in the corporate IT security environment the application update process is a bigger dilemma than one might think. There a number of factors that impede an effective and complete application patching process be it for a few thousand to 10's or 100's of thousands of an installed client base. Some of these issues can be highlighted by the three following concepts:

• Online availability of clients to receive the updates, making it more difficult to get an effective deployment rate;
• Patches for versions that are in-use might not exists and upgrading to new versions presents other challenges such as budgets, compatibility with other applications, continued functionality support for the business solutions;
• Patches (or upgrades) can break or change features that are relied upon by business solutions or process effectively breaking the latter and presenting an impediment on business ability to work effectively.

For a corporate IT security team a balance has to be achieved between the need to carry out effective patching or upgrading versus the need to let the business continue to work as effectively and efficiently as possible. This is the hard truth, patching to mitigate vulnerabilities is not necessarily the best solution for a business if it breaks functionality or impedes the business process!

An effective IT security team will understand this and works towards an acceptable compromise that balances the risks versus the business' ability to carry on efficiently through policies and process that mitigate the risks or control/patch the vulnerabilities. Notably, the report section on best practices for mitigation and control provides a number of effective risk management techniques that start by understanding the applications that present risks and building an effective defense plan...

Related Links:

• SANS www.sans.org
• The Top Cyber Security Risks
• Twenty Critical Controls for Effective Cyber Defense.