Thursday, July 19, 2012

Metricon 7 Workshop Reminder

Just a quick reminder about the Metricon 7 workshop on security metrics.

Date: August 7, 2012

Location: Bellevue, WA (co-located with USENIX 12)

Registration:  (pick just the metrics workshop or the entire event)


1. Introduction to Metricon, security metrics and workshop goals by Anton Chuvakin (9:00-9:30)

2. “Even Giant Metrics Programs Start Small” by David Severski (9:30-10:30)

3. Break (10:30-10:45)

4. PANEL: “Rules of the Road for Useful Security Metrics” (10:45-11:30)

5. Mini-talk 1 and 2 – TBD (11:30-12:00)

6. Lunch break (12:00-1:00)

7. “What We Want to See in Security Metrics” by Christopher Carlson (1:00-2:00)

8. PANEL: “What We Know to Work in Security Metrics” (2:00-2:30)

9. “Application Security Metrics We Use” by Steve Mckinney (2:30-3:00)

10. Break (3:00-3:15)

11. “Threat Genomics and Threat Modeling” by Jon Espenschied (3:15-4:15)

12. Discussion time, everybody shares lessons, highlights, etc. (4:15-5:00)

13. Conclusions, results and action items by Anton Chuvakin (5:00-5:15)

Additional details: here 

See you there!

Tuesday, July 17, 2012

Book Review: “UP and to the RIGHT: Strategy and Tactics of Analyst Influence: A complete guide to analyst influence” by Richard Stiennon

This is not a book for everybody (and your grandmother probably does not need to read it; neither does an average IT professional). However, I think that this book is pure gold for those tasked with interacting with analyst firms.

I am an analyst, and I wish every vendor client read this book and followed some of the advice given there. It would reduce pain on both sides of the conversation, as well as make the interactions more valuable for – again! – both sides.

Obviously, this is not a book to guarantee your IT product a favorable placement in analyst research. It is also not a book on how to bamboozle the analysts, despite its focus on analyst influence. However, it is definitely a book to make sure that well deserving products, developed and marketed by good teams of people, don't get sidelined.

Some of the specifics that I liked include the influence pyramid concept, social media techniques, a careful approach to managing corporate Wikipedia entries, specific approaches to various analyst activities (such as calls, reports, advisory days and conferences), etc. My favorite sections (both fun to read as well as insightful!) are the one on “guerrilla tactics” and the obligatory “what not to do” chapter (the latter has a few sad case studies of IT vendors who screwed themselves up). Another great chapter covers the role of a vendor sales team in both helping the interaction with the analyst firm and avoiding some embarrassing mistakes.

In fact, this book makes me proud to be an analyst. Then again, maybe it is my ego talking as the book seems to project an impression that “an analyst is the most important person in the world”, at least as far as IT vendors are concerned.

Finally, if you are an IT vendor marketer, remember: when you say “holistic,” some analysts think “imaginary.” Richard suggests scrubbing your presentations of silly meaningless words like “synergy” and “holistic.”

Monday, July 09, 2012

Monthly Blog Round-Up – June 2012

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:
  1. “Simple Log Review Checklist Released!” is often at the top – the checklist is still a very useful tool for many people. “On Free Log Management Tools” is a companion to the checklist (updated version).
  2. My PCI DSS Log Review series is popular as well.
  3. “On Choosing SIEM” is about the least wrong way of choosing a SIEM tool – as well as why the right way is so unpopular.
  4. “Top 10 Criteria for a SIEM?” came from one of the last projects I did when running my SIEM consulting firm.
  5. “Log Management at $0 and 1hr/week?” is where a lot of companies still are, thus this post became popular again.
In addition, I’d like to draw your attention to a few posts from my Gartner blog:

Denial of Service research:

Other fun posts:

Also see my past monthly and annual “Top Posts” – 2007, 2008, 2009, 2010, 2011.

Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Dr Anton Chuvakin