Notice I said people, not women.

If you are interested in speaking on a panel at SecurityBSidesSF about Gender (Unicorns, Clubhouses, and Ruffled Feathers: Women in Security) and how it is impacting our industry by sharing diverse stories that have shaped your career, and tips for how as an industry we can improve, please contact me!

Gurdeep Kaur, who wrote the paper on “Women in IT Security Project Management”, has agreed to sit on the panel to discuss her findings and the experience that prompted the research. Jennifer Jabbusch will also be speaking again, as she did on the original panel at SecurityBSidesLV.

I am looking for 3 more panelists to make up a 5-person panel.


Thank you all for the response, but I want to clarify two points that I’m not sure I communicated well in the original post.

First of all, I want to give SANS a big kudos for actually posting a piece that is gender-based; this was a risk, and I’m glad they took it. Many more organizations would benefit from helping broaden the horizons of gender awareness in the technical fields. Conferences have been very apprehensive about accepting a round-table panel composed of industry professionals (not marketing women) to discuss the state of the industry in regard to gender. Currently, the panel is being held at SecurityBSides events, and there will be some prospective European conferences this year that are opening up to the conversation. There are also many women who do not feel comfortable speaking out or helping other women gain entry to the field; this is a definite gender issue, but one we need to address on a different plane, and more in another post.

The second point in the original post was that of the review itself. The content of the research for the paper itself was fine; where I felt there was a deficiency was when it took a turn away from fair representation. Perhaps the advisor could have proofed the paper and suggested some edits to keep it broad enough so as not to be easily identified as personal rhetoric, thus reinforcing the research points. I am fortunate enough that the author of the piece HAS agreed to speak on the Gender panel at BSidesSF that will occur during the week of the RSA Conference in San Francisco.

Again, for any women that may be reading this, here is a list of some great sites on the internet that discuss current gender issues.

The Geek Feminism Wiki

Executive Women’s Forum

Signed,

The unconventional gender supporter – Erin

I need a sysadmin for my Facebook!

Posted by SecBarbie on Wednesday Jan 20, 2010 Under Sociability, Social Media, security

- A Facebook Privacy Memoir Part I

Facebook is so lovely, you can learn about what your friends who you don’t have time to keep up with are doing, look at their pictures, watch some of their videos and generally cyber-stalk them with their permission. Oops, we call that ‘being social’ not stalking now. In the last few years people have really enhanced the art of the me-me using social networks such as Facebook under the guise of “maintaining transparency”. This does beg the question, how much is too much?

In the last year Facebook has come a long way when it comes to the privacy settings, and nearly everyone is hiding something from the general population so we do have a start for some security. If you want to be uber technical about it, you can use friend lists and play with your privacy settings to create different views for each segment of your life, but who has time for this? Just like any system, add more complex controls and the users who should be using them the most will not.

I have used firewall graphical interfaces that are less complicated than the Facebook privacy settings. This is mostly because the privacy settings for Facebook are not all in one place. There are the Privacy settings in the drop down, but then you have to customize your photo privacy settings in a whole different screen. Now add in the option to create groups for your contacts and manage the settings by those groups as well. All of the technical minded people might think this is a piece of cake, but my aunt, who isn’t that technical, can barely handle navigating from one profile to the next, much less the privacy settings! Yet, she has no problem posting pictures, tagging me on the pictures, and sharing them with her friends.

As Christopher Burgess wrote in his Cisco Security Blog about ‘Security – Who is Responsible’:

“When we wish to use an automobile, we are required to go through a number of steps even before we get the vehicle rolling. During the drive, we adhere to the rules of the road (drive on the appropriate side, use our signals, stop at red-lights, go when green, etc.). When the engine light illuminates, the brakes start to screech, or the steering pulls too far left, we take note and either perform the required maintenance or we take it to the garage shop for service. We correct. The mechanic isn’t sitting in the backseat providing telemetry surrounding your vehicle’s operation, and unless my grandmother is in your backseat, you’re probably not being told how to steer, accelerate or brake. You are responsible. All of these actions are the responsibility of the operator—the user. You, the user, will decide “How do I maintain my vehicle and operate it?” When you violate motor vehicle laws (and are caught), what occurs? You receive a ticket and tickets carry consequences. In the US the consequences might include a monetary fine, points on your license and, for some, a mandatory trip to court. With choices and actions come consequences.

In the online world, we have the same basic responsibilities for security as a driver has in the physical world for safety.”

The unfortunate fact is that there is no education on the do’s and don’ts of social media for people such as my aunt, nor would millions of high school students who are competing for the largest friend list and posting every little moment of their life even listen if there was! So here are my two tips for Facebook and a link to Cracked’s 10 Commandments of Facebook.

    Don’t friend ANYONE you don’t know, and deny friend requests if you don’t know them!

Don’t friend anyone you don’t know if you post anything to your Facebook that you wouldn’t post on a public or work bulletin board! You don’t really know who is on the other side of the profile.

If you don’t know the person, deny the friend request promptly! Unfortunately there is a bug in Facebook right now that allows people who request you as a friend to see your live feed while the friend request is pending. As of right now, there is not a privacy setting on the live feed. This is bound to change soon, but it is a good measure to always deny friend requests until you know that person.

    Unless part of your job is using Facebook, don’t update your Facebook from work!

You don’t know who is really on the other side of your ‘Friends’, so unless part of your job is social media, don’t update your Facebook status from work. Wait for lunch, or after work. This is ESPECIALLY important if your organization doesn’t allow access to Facebook.

The 10 Commandments of Facebook

Until next time….
