Rational Survivability

This is probably my most favorite presentation I have given.  It was really fun.  I got so much positive feedback on what amounts to a load of crap. 😉

This video is from the Cloud Security Alliance Summit at the 2011 RSA Security Conference in San Francisco.  I followed Mark Benioff from Salesforce and Vivek Kundra, CIO of the United States.

Here is a PDF of the slides if you are interested.

Part 1:

Part 2:

Related articles

• My Warm-Up Acts at the RSA/Cloud Security Alliance Summit Are Interesting… (rationalsurvivability.com)
• George Carlin, Lenny Bruce & The Unspeakable Seven Dirty Words of Cloud Security (rationalsurvivability.com)
• Incomplete Thought: Why Security Doesn’t Scale…Yet. (rationalsurvivability.com)

Besides a panel or two and another circus-act talk with Rich Mogull, I’m thrilled to be invited to present again at the Cloud Security Alliance Summit at RSA this year.

One of my previous keynotes at a CSA event was well received: Cloudersize – A cardio, strength & conditioning program for a firmer, more toned *aaS

Normally when negotiating to perform at such a venue, I have my people send my diva list over to the conference organizers.  You know, the normal stuff: only red M&M’s, Tupac walkout music, fuzzy blue cashmere slippers and Hoffaccinos on tap in the green room.

This year, understanding we are all under pressure given the tough economic climate, I relaxed my requirements and instead took a deal for a couple of ace warm-up speakers to goose the crowd prior to my arrival.

Here’s who Jim managed to scrape up:

9:00AM – 9:40AM // Keynote: “Cloud 2: Proven, Trusted and Secure”
Speaker: Marc Benioff, CEO, Salesforce.com

9:40AM – 10:10AM // Keynote: Vivek Kundra, CIO, White House

10:10AM – 10:30AM // Presentation: “Commode Computing: Relevant Advances In Toiletry – From Squat Pots to Cloud Bots – Waste Management Through Security Automation”
Presenting: Christofer Hoff, Director, Cloud & Virtualization Solutions, Cisco Systems

…

I guess I can’t complain 😉

See you there. Bring rose petals and Evian as token gifts to my awesomeness, won’t you?

/Hoff

Related articles

• Cloud Security Alliance Summit 2011 at RSA Conference (365.rsaconference.com)
• RSA Guide 2011: Key Themes (securosis.com)
• RSA Conference 2011: Association Events on Monday (365.rsaconference.com)
• George Carlin, Lenny Bruce & The Unspeakable Seven Dirty Words of Cloud Security (rationalsurvivability.com)

Recent Speaking Engagements/Confirmed to  speak at the following upcoming events:

• FIRST, Miami, FL, keynote  – June 13-18
• SANS What Works In Virtualization and Cloud, Washington, D.C., keynote – August 19th-20th
• Ping Identity Summit, Keystone, CO, Cloud session with Gunnar Peterson – July 20-23
• Black Hat 2010, Las Vegas, NV, July 26-29
• Defcon 18, Las Vegas, NV – July 30-August 1
• VMworld, San Francisco, CA – August 30-September 3
• RSA Japan, Tokyo, Japan – September 6-12
• Telfonica Cloud Security Event, Madrid, Spain – September 13-16
• NIST 2010 SCAP conference, Baltimore, Maryland – September 28
• IANS New England Information Security Forum, Boston, MA, keynote – September 29
• MassTLC Security Summit, Burlington, MA – October 1
• HacKid, Cambridge, MA – October 9-10
• RSA Europe, London, UK – October 11-15
• Security at University of Michigan Summit (SUMIT_10), Ann Arbor, MI – October 18-19
• Sector, Toronto, Canada – October 25-28
• Black Hat Abu Dhabi, UAE – November 10-11
• Cloud Security Alliance Congress, Orlando, FL – November 16-17

There are a ton of venues I haven’t added here because they are directly related to customer visits that may not wish to be disclosed.  You can see the prior list of speaking engagements listed here.

[I often get a bunch of guff as to why I make these lists: ego, horn-tooting, self-aggrandizement. I wish I thought I were that important.  The real reason is that it helps me keep track of useful stuff focused not only on my participation, but that of the rest of the blogosphere.  It also allows folks to plan meet-ups]

/Hoff

In advance of publishing a more consolidated compilation of various recordings of my presentations, I thought I’d post this one.

This is from Microsoft’s BlueHat v9 and is from my “Cloudifornication: Indiscriminate Information Intercourse Involving Internet Infrastructure” presentation.

The direct link is here in case you have scripting disabled.

The follow-on to this is my latest presentation – “Cloudinomicon: Idempotent Infrastructure, Building Survivable Systems, and Bringing Sexy Back To Information Centricity.”

Related articles by Zemanta

• CLOUDINOMICON: Idempotent Infrastructure, Survivable Systems & Bringing Sexy Back to Information Centricity (rationalsurvivability.com)
• See You At Black Hat 2010 & Defcon 18? (rationalsurvivability.com)
• The Hypervisor Platform Shuffle: Pushing The Networking & Security Envelope (rationalsurvivability.com)
• If You Could Have One Resource For Cloud Security… (rationalsurvivability.com)
• Airing Private Cloud’s Dirty Laundry… (rationalsurvivability.com)

Here is some of the recent coverage from the last couple of months or so on topics relevant to content on my blog, presentations and speaking engagements.  No particular order or priority and I haven’t kept a good record, unfortunately.

Important Stuff I’m Working On:

• Cloud Security Alliance
• CloudAudit/A6
• Common Assurance Metrics

Press/Technology & Security eZines/Website/Blog Coverage/Meaningful Links:

• How Cloud Service Brokers Enable the Cloud Marketplace – Connecting SOA to the Cloud
• Incite 2/17/2010 – Open Your Mind – Securosis
• Fun Reading on Security and Compliance #23 – Security Warrior Blog
• From private clouds to solar panels: more control and uniqueness, but are they worth it? – Data Center Dialog
• Want to build a private cloud? – SearchCloudComputing
• What’s The Difference Between Security And Trust In The Cloud? – CSC Trusted Cloud Services
• In The Era Of Mashups, MashSSL Could Be A Savior – CloudAve
• Cloud Computing, A Primer – The Internet Protocol Forum
• On the many limitations of (network) virtual appliances – Virtualization.info
• Incite 1/27/2010: Depending on the Kids – Securosis
• Can regulators keep up with Cloud Computing? – CloudAve
• The network performance within the cloud, an hidden enemy – Reflections of the Void
• The Cloud Computing Compliance Conundrum – Data Center Knowledge
• Is over-capacity inevitable in cloud computing? – virtualization.info
• Cloud Overbooking – Part 1 – Virtually Insane
• Infrastructure 2.0: Squishy Name for a Squishy Concept – f5 DevCentral
• Top 10 Web Hacking Techniques of 2009 – Jeremiah Grossman
• On Virtualization, Clouds and Meta Orchestration – SeekingAlpha
• Forecast for 2010: The Coming Cloud ‘Catastrophe’ – BusinessWeek
• The Daily Incite – 12/28/09 – Meyer’s Choice – Security Incite
• Virtualization, Cloud Computing, And Next-Generation Security – InformationWeek/DarkReading
• My Thoughts After CloudCamp Boston 2009 – Fubardness is Contagious

Recent Speaking Engagements/Confirmed to  speak at the following upcoming events:

• Govt Solutions Forum Feb 1-2 (panel |n DC)
• Govt Solutions Forum Feb 24 D.C.
• ESAF, San Francisco, March 1
• Cloud Security Alliance Summit, San Francisco, March 1
• RSA Security Conference March 1-5 San Francisco
• Microsoft Bluehat Buenos Aires, Argentina – March 16-19th
• ISSA General Assembly, Belgium
• Infosec.be, Belgium
• Codegate, South Korea, April 7-8
• SOURCE Boston, April 21-23
• Shot the Sherrif – Brazil – May 17th
• Gluecon , Denver, May 26/27
• FIRST, Miami, FL,  June 13-18
• SANS DC – August 19th-20th

Conferences I am tentatively attending, trying to attend and/or working on logistics for speaking:

• InterOp April 25-29 Vegas
• Cisco Live – June 27th – July 1st Vegas
• Blackhat 2010 – July 24-29 Vegas
• Defcon
• Notacon

Oh, let us not forget these top honors (buahahaha!)

• Top 10 Sexy InfoSec Geeks (link)
• The ThreatPost “All Decade Interview Team” (link)
• ‘Cloud Hero’ and ‘Best Cloud Presentation’ – 2009 Cloudies Awards (link), and
• 2010 RSA Social Security Bloggers Award nomination (link) 😉

[I often get a bunch of guff as to why I make these lists: ego, horn-tooting, self-aggrandizement. I wish I thought I were that important. 😉 The real reason is that it helps me keep track of useful stuff focused not only on my participation, but that of the rest of the blogosphere.]

/Hoff

My friends at ERNW in Germany are putting on another fantastic security conference this year. I was lucky enough to attend Troopers ’08 in Munich and this year it’s in Heidelberg.  Check out the details here.

TROOPERS10 – This time it’s a home match.

This year we’re bringing back the action right to the place where everything started: Heidelberg, Germany.

In 2007 the idea of a security conference without the usual product presentations, marketing blabla, and bull*ht-bingo was born – just pure practical IT security. After an enthusiastic response from our audiences in Munich we decided to evolve the concept into a full-blown conference combined with a series of workshops and round tables.

We’re inviting (C)ISOs, IT auditors, sysadmins, security consultants and everyone who is involved with IT security to come to Heidelberg and get in touch with leading experts from all over the world. A number of workshops on monday and tuesday covers highly relevant topics in detail, on wednesday and thursday you’ll learn about the latest developments, threats and achievements from world class security evangelists, experts and hackers. And on friday we seat you on round tables right next to the speakers and fellow experts. You’ll be able to discuss your own strategies and concerns with them face-to-face. You will be listened to, because in the end of the day we’re all the same: TROOPERS in the infosec world.

The (first annual) 2009 Federal Identity Management & Cyber Security Conference is being held in Washington on December 15-16th.  I’m speaking on day two on a panel moderated by Earl Crane of DHS on “Innovation and security in Cloud Computing.”

The Information Security and Identity Management Committee (ISIMC) of the Federal CIO Council is taking steps to deliver  on the President’s pledge for cybersecurity. ISIMC will discuss strategies and tactics for securing and defending federal IT  systems and networks for trusted and reliable global communication.

The objectives of this conference are awareness, education, and alignment toward a common vision for cyber defense  within the federal community.   This conference will focus on protecting the nation against cyber aggression, while preserving and protecting  the personal privacy and civil liberties that are the core of american values.

Hosted by  the Information Security and Identity management committee (ISIMC), which supports the federal CIO Council  in enabling chief Information officers (CIOs) and chief Information Security officers (CISOs) to  collaborate on: (1) identifying high priority cybersecurity and identity management initiatives; and (2) developing  recommendations for policies, procedures, and standards to address those initiatives that enhance the security  posture and protection afforded to federal government networks, information, and information systems.

Topics Include

• Nation’s top cybersecurity challenges addressed by a
• Panel of government and Private Sector leaders
• US-cert and the challenging landscape of
• Federal cybersecurity
• Security Performance – What Is next?
• Innovation, cloud computing and Web 2.0
• Federal desktop core configuration next Steps
• Supply chain acquisition best Practices
• IT Security Policy and legislation
• Identify, credential and access management

This should be an interesting two days.

Here is some of the recent coverage from the last month or so on topics relevant to content on my blog, presentations and speaking engagements.  No particular order or priority and I haven’t kept a good record, unfortunately.

Press/Technology & Security eZines/Website/Blog Coverage/Meaningful Links:

• Threatpost – Coverage of my SecTor 2009 Cloud Security Keynote
• Can We Secure the Cloud? Can We Afford Not To? – Microsoft TechNet/Bluehat Blog
• Another Day, Another Data Loss – Gordon Haff, C|Net
• Cloud Security Raises Unanswered Security Questions – Grant Buckler, itbusiness.ca
• Of Cloud Computing & Virtualization – Oman Sultan, Cisco
• Infrastructure 2.0: Young Turks at SRI – Greg Ness
• Cloud Security – Time To Smoke Another One? – Bill Brenner, Computerworld
• Security Threats to virtual environments less theoretical, more practical – Michael Mimoso, TechTarget
• Security Showdown: Cloud Computing vs. On-Premise IT – Dana Gardner
• A6 Promises A Way To Check Up On Public Cloud Security – Tim Greene, Network World
• Cloud rEvolution: Laying the Foundation – CSC Leading Edge Forum (PDF)

Podcasts/Webcasts/Video:

• Silver Bullet Podcast – Cigital’s Gary McGraw and I chat about Cloud security
• CNET Reporter’s Roundtable – Rafe Needleman and the “Danger of Cloud Computing”
• Threapost Digital Underground – Dennis Fisher and I chat about security, disruptive innovation and Cloud security

Recent Speaking Engagements/Confirmed to  speak at the following upcoming events:

• Enterprise Architecture Conference, D.C.
• Intel Security Summit 2009, Hillsboro OR
• SecTor 2009, Toronto CA
• EMC Innovation Forum, Franklin MA
• NY Technology Forum, NY, NY
• Microsoft Bluehat v9, Redmond WA
• Office of the Comptroller & Currency, San Antonio TX
• Intercloud Working Group, GooglePlex CA 😉
• CSC Leading Edge Forum, VA
• DojoCon, VA

I also forgot to thank Eric Siebert for putting together the VMware Top 20 blog list and putting me on it as well as the fact that Rational Survivability made the Datamation 2009 Top 200 Tech Blogs list.

/Hoff

This coming week I'm off to VMworld in Las Vegas for a week of virtual immersion.

I'm looking forward to meeting with fellow practitioners, analysts, folks from VMware, Microsoft, Citrix and vendors as well as attending many of the sessions and labs.

There are several meet-ups including community get-togethers, so if you're in town, ping me and let's get together and exchange ideas.

There's a bunch of anticipated high-profile announcements and I hope some of them pan out.  I'll be live-blogging/tweeting (beaker) as much as possible from the show.

See you there.

/Hoff

I’ll be at in D.C. at ShmooCon the latter part of this week. 

I’m arriving in D.C. the afternoon of the 14th and leaving on Saturday the 17th.

If you’re going to be there, ping me [choff @ packetfilter.com] or call my voice router @ +1.978.631.0302.  I’m looking forward to a number of talks.

See you there.

/Hoff