Sunday, April 29, 2007

Bumblefuck, WI

One of the perks of being a consultant is traveling to great places. Buenos Aires, NYC, Chicago, Boston, etc. Of course, we also travel to some pretty out of the way locations now and again. This week I'm stuck in Bumblefuck, WI.

Now Bumblefuck wouldn't be so bad. Wisconsin is known for its cheese and beer (yay, beer!). But Bumblefuck has little of either from what I can see so far. I found a few chain restaurants as I drove around looking for a place to grab a meal. I also found a few local places, so I decided to drop in on one of them. The first warning sign that I made a bad choice was that there was no beer served here. Well, that's the only warning sign, but the food was decent and cheap. But no beer? I feel like I'm back in the South, standing in the wine & beer aisle at Publix on a Sunday where signs everywhere remind me that someone else's religious beliefs are being pushed upon the rest of us and therefore I can't buy alcohol on "God's" day. Feh.

On another note, I went to Stone Mountain yesterday for some hiking. 3 times up and down for ~7.5 miles (including the walk in/out of the park, since we're all too cheap to pay for admission). Sandy mentioned hiking Kilimanjaro... perhaps when we're done with the fall season we can plan an expedition for a handful of folks... I'm having some serious wanderlust these days. Vacation can't come soon enough.

Wednesday, April 25, 2007

Preview of my Cf.Objective() Talk

Thanks to Charlie Arehart and the guys behind Cf.Objective(), I'll be presenting a 30 minute mini-talk on Friday entitled "Security and the SDLC: Threat Modeling". This will be the first online user group presentation I'll be doing and I'm pretty excited!

"In this 30 minute preview of his CFObjective seminar, Dean will examine how threat modeling can be used as a baseline activity to ensure the security of web applications. Threat modeling is a structured approach for identifying, evaluating and mitigating risks to system security. By modeling a system as an attacker would, development organizations can prioritize the usage of a development/security budget, manage risks to system security and find vulnerabilities earlier than technical testing or code reviews. Applied early in the development lifecycle, threat modeling can be used to drive further secure SDLC activities, such as code reviews and penetration testing to ensure the security of your software throughout its lifetime."

While this is billed as a preview of my Cf.Objective() talk, it's more of a parallel track. In this talk I'll be hitting on one of the three high ROI activities that can be added to the SDLC in order to begin addressing the problem of software insecurity. Of course at Cf.Objective() I'll be spending more time on the baseline activities, including code reviews and penetration testing, and how they fit into the overall development lifecycle.

I hope people will RSVP for this online meet-up and then come see me in Minneapolis next week!

Thursday, April 19, 2007

Behind on posting... again

I'm behind on posting about HFD again due to work... I've been on the road the past two weeks from Sunday to Friday, so it has definitely slowed me down.

Last week I was in Madison, WI for the final blast of winter weather. We got more than 6" of snow in a day, more snow than I have seen in many, many years. Thankfully, Madison doesn't just shut down when it snows.

I returned home to much warmer weather on Friday, just in time to hike at Amicalola Falls on Saturday. We were expecting severe thunderstorms, so it was decided that we'd do a short hike of 10 miles to the Len Foote Hike Inn and back. This is a pretty easy trail with no difficult climbs or descents, so we knocked out the 10 miles and a short break at the Hike Inn in about 3.5 hours. After sharing some homebrew with the team, we all headed back to town and took shelter from the storms which never materialized... Sure, it rained, but it wasn't the downpour that was expected.

This week I'm in Nashville, TN, home of bad bouffant hairdos and some really questionable "western" clothing. I feel like I've been transported back in time... I really can't wait to leave.

The next few weeks will be light on posting since I'm going to be traveling a lot. Sunday morning I'll be hiking on the Benton MacKaye Trail with the team before running back to ATL for a flight to Memphis. I'm going to be presenting a seminar on software security in Memphis and meeting with some potential customers for a few days before returning home. The following week I'll be back to the cold, white north — hopefully a lot less cold and white this time — to teach a class and present at Cf.Objective(). This trip is going to involve a LOT of driving. I fly into Green Bay, WI on Sunday, drive to central WI that afternoon and spend the next 4 days teaching a software security class. Then I'm driving 200+ miles to Minneapolis to catch the first day of Cf.Objective() where I will be presenting a talk entitled Security and the SDLC: A Strategic Approach to Software Security. But I won't be spending a lot of time at the conference since I need to be in NYC that night. So I'll be making a mad dash to the airport after my talk to catch a flight.

Damn... it's going to be a busy few weeks. Hopefully things will calm down as we get into May... but I doubt it. Work hard... play harder!

Thursday, April 05, 2007

Unicoi Gap to Tray Mountain

Oh, I'm way behind on posting...

Nothing terribly exciting this week, just 10.5 miles on the AT from Unicoi Gap to Tray Mountain and back. The team was great, we kept up a fast pace and completed the hike in just over 5 hours including the time we spent relaxing on top of Tray Mountain for lunch.

This is fast becoming one of my favorite hikes in GA. Great scenery and a challenging trail make this a great way to spend a Saturday afternoon in the woods.

No hiking for me this weekend. I'll catch up with the team again next weekend at Amicalola Falls for the Len Foote Hike Inn trail to the AT Approach Trail.