If you haven’t had the opportunity to check out some of NoVA’s local security bloggers, here’s your chance. We’ve found the cream of the crop, making it easier for you to identify bloggers you like and information you need.
This week, we’ve picked posts that cover everything from books to careers. Congratulations are also in order for one of NoVA’s very own bloggers, who won “Best Non-Technical Security Blog” at RSA. Can you guess who it is? If not, we’ll reveal the answer at the end of this post.
#3 – Hack This Book: Discussing the book Chained Exploits: Advanced Hacking Attacks from Start to Finish by Andrew Whitaker, Keatron Evans, and Jack B. Voth, @carnal0wnage provided an interesting review that talked about how valuable Chained Exploits is for people in the industry. According to @carnal0wnage, one of the pros of Chained Exploits is that “I couldn’t think of another book that approaches the problem from the ‘chained exploit’ perspective meaning one exploit doesn’t give you the keys to the kingdom or your final end state.” But it seems that the pros of Chained Exploits were outweighed by the cons, with @carnal0wnage saying that “the ‘chained exploit’ approach is valuable from a teaching point of view but anybody that pentests for a living has been doing this for awhile now, its just part of ‘the process.’” @carnal0wnage also noted that while the idea of ‘chained exploits’ might be new to print, it’s nothing new to the security community. You can read the full review here.
#2 – Toot Those Horns: Using another great analogy to get his point across, Marcus (@marcusjcarey) stresses the importance of ‘tooting your own horn’ in the infosec community. In his “Toot Your Own Horn” post, Marcus says that the majority of us out there blog or tweet about stuff that’s said by the ‘big wigs’ or people who we perceive to be important in the security community, when really, we should be giving our own thoughts and opinions: in essence, ‘tooting’ our own horns. ‘Tooting your own horn’ also applies to interviewing, which Marcus talked about in his “Own Your Technical Interview” post. Don’t be afraid to show what you know, but as Marcus pointed out, don’t lie, and don’t be afraid to say ‘I don’t know.’
#1 – S.773: Finishing up his original posts about the Cybersecurity Act of 2009, @rybolov wrote parts three and four of his “Blow-By-Blow on S.773” series. While @rybolov encourages readers to look at the actual bill, he does a great job of breaking it down so even the most non-politically savvy of us can understand what it’s all about. He also gives his own thoughts on each section of the bill, which we found to be immensely enlightening. It’s definitely something all of us should be aware of, so please take the time to read part 3 and part 4 if you haven’t already.
So, were you able to guess who the winner of the “Best Non-Technical Security Blog” at RSA was? Frequently featured in our “Top 3 Blog Posts of the Week” section, it’s Richard Bejtlich of TaoSecurity. If you haven’t already, please take the time to congratulate him!
Well, that’s all for now. Feel free to comment below or send us a tweet @grecs if you feel like we left out a post that should have been included this week.