Top 3 NoVA Infosec Blog Posts of the Week

Where can you find a book review, information about the 60-day security review, and humorous commentary about the Verizon report all in one place? This post, of course. Finding the best posts by local security bloggers, we do our best to make your Mondays a little more interesting.

#3 – Hack This Book Again: It turns out that @carnal0wnage isn’t the only one who decided to review Chained Exploits: Advanced Hacking Attacks from Start to Finish; Richard Bejtlich of TaoSecurity also reviewed Chained Exploits and arrived at a slightly different conclusion than @carnal0wnage. As you can see in our post from last week, @carnal0wnage felt that overall, the book wasn’t of particular use to professionals already in the security field. In contrast, Bejtlich says that while he agrees with some of the negative comments about Chained Exploits, he feels that many of the comments are unduly harsh. As he says in his review, “I don’t think it’s strictly necessary for a book to contain brand new security techniques in order to qualify for publication,” and he adds that Chained Exploits does a good job of providing both old and new information. You can read the full review here.

#2 – 60 Days And Counting: With the 60-day security review nowhere in sight, @rybolov sums up our feelings perfectly when he says “I’m trying hard to be understanding here, I really am. But isn’t the administration pulling the same Comprehensive National Cybersecurity Initiative thing again, telling the professionals out in the private sector that it depends on, ‘You can’t handle the truth!’” With the review supposedly turned in to President Obama on the 17th, @rybolov makes the astute observation that “our information sharing from Government to private sector really sucks right now.” @rybolov then goes on to talk about how the government can’t seem to decide whether they’re a partner or a regulator, and why they need to choose one or the other instead of trying to (rather unsuccessfully) be both. As @rybolov points out, the ‘are we a regulator or a partner’ conundrum is making it hard for the private sector to do their job. You can read the full post here.

#1 – Verizon in 5 Minutes or Less: If you didn’t get a chance to read our take on this year’s Verizon report, Bejtlich has a great summary of it that will take you about 5 minutes or less to read. He takes screenshots from the report and adds a small commentary to each of them, and what he had to say seemed to spark quite a discussion with readers. You can view the full post here.

Well, that’s all for this week. Be sure to check out our Blogs/Podcasts page for more great security bloggers in and around the NoVA area. Also be sure to drop us a line if you know of a blog or podcast that should be added to the list.

