Who Is

watching out for you?

In today's world you need to understand a few more things...

Who Is

knocking on your virtual front door?

It could be someone down the block or from the Bloc


29 Sep 2016

Many people recognize the potential to increase the number of women in Information Security.

“When the ISC2 2015 Women in Security Study came out last year saying there’s been no growth; basically stagnation, in terms of including more women in this particular field, that’s of interest to me, being a woman who works in Information Security,” said Laura Payne, Senior Information Security Advisor, Bank of Montreal. “We have a huge shortage of qualified resources in this field, and by all means we should be finding and encouraging those women to join.”

Payne will be leading the keynote discussion at SecTor 2016. This keynote is a conversational presentation on what encouraged the female panelists to enter this field. The audience (expected to be about 90% male) will want to know, ‘What can we do?’  

“I think a stigma is you have to fit a certain kind of box,” she said. “The reality is there are many areas -- pen testing, governance policy writing, risk management, communications -- and all of those things require sold grasp of the technical parts of information security. But they’re a different kind of role. Opportunities are there that fit things women are interested in.”

It’s known that that interest in math in young children is the same for both genders. Later something happens around STEM topics that hasn’t been sorted out, which seems to close some doors. Someone who might be interested in security might never see information about it, or even have the chance to discover if they’re interested in it.

“Making sure there is opportunity and awareness is 50% of it; that doesn’t mean you have to wear a hoodie and be alone in your parents’ basement,” said Payne. “This is about helping people be protected. We’re protecting customers, and the livelihoods of people who work in industries that may be jeopardized. That resonates with women… the technical skill comes down to ‘what I can do with it’, rather than the fascination with the technology itself.”

That protection part is a bonus when talked about. Security professionals are doing it for people, and to make things better for our society. It’s not because they’re hoarders and don’t want to share… it’s because they want to provide safe and secure environments with which people can interact. We can live safely, securely, and comfortably using technology assets.

Which raises the stereotype of momma bear protecting cubs. Relating Payne’s original point back to people, two things got most women into information security…
1. Contributing in a meaningful way, not just to themselves, and
2. Someone had pointed out, ‘Hey you’re pretty good at X, and that’s a skill we can use. Would you consider a role or study that leads to a role in information security?’  

“In my case I was doing ITIL processes, and an opportunity opened to be information security officer for that team,” Payne said. “My manager at the time encouraged me. He said, ‘Look, you’re already doing business continuity, disaster recovery, and audit responses as part of your daily duties. Really all you need is a bit of knowledge and you’d be a great for this role.’ If he hadn’t said that I wouldn’t have even considered applying for it, and years later I’m still here.”

Her experience runs counter to another stereotype; that of men wanting to keep security as their own version of The He Man Women Haters Club.

“Fortunately I haven’t experienced that, altho I have heard things anecdotally,” said Payne. “More commonly I run into people who just don’t know what they can do. The people I’ve talked to are supportive. First thing that comes up is, ‘We don’t want to fill positions to hit a certain percentage.’ I’m not interested in having unqualified people in this profession any more than anybody else is.”  

So how do you find those with the qualities for information security?

“The way we write job descriptions – especially in technology – focuses on technical skills. Anybody technically apt can pick up those skills. It’s the critical thinking and soft skills that are important, and people with those can come from a wide variety of backgrounds.”

Also helpful is demystifying security for those who may not be aware, or who labor under misapprehensions about the field. Hence this SecTor keynote panel.

“It won’t be scripted; it’ll be fresh for the audience, and it’s not about ‘guys are terrible and we need more women,’” Payne said. “We’re a community. We want to bring this discussion to the human level of why each of us got into it, how those backgrounds are successful, and how to find people who might not be cookie cutter tech mold candidates, but who have other qualities that make them great IT security candidates.”

To attend the session register for SecTor 2016 here.

1 Aug 2016

When his yacht reached the open ocean the businessman pulled out his laptop and sat down to work on his important documents.

After a long period of serious concentration he stood up to stretch, just as the stern of his yacht dropped into the valley of a deeper-than-average swell. The sudden unexpected pitch of the deck caused him to lose his balance. As he instinctively snatched at the top rail to keep from falling, his laptop tumbled overboard and quickly sank to the sea floor below.

Lacking diving equipment and skill, the businessman had no choice but to note his GPS coordinates and return to harbor.

His laptop sat at the bottom of the sea for three weeks, until he found a diving company willing to search for such a tiny object in the vast ocean. Incredibly, the divers found it.

Time continued to pass as he pleaded with data retrieval companies to recover the only copy of his vital information.

Each of them examined the drive exterior, asked him the same questions, and upon learning the drive had sat at depth under salt water, said they could not help him.

“I think it was a good thing the others didn’t try, because it’s likely they would have prevented us from retrieving anything,” said Igor Samuilik, Senior Data Recovery Engineer at ACE Data Recovery. “We design and build our own recovery hardware. Everybody else is capped by the capabilities of the commercially available hardware they buy. We’re not. And so we got his data back.”

Over the 35 years ACE engineers have been retrieving data, they have developed unique proprietary hardware and software for recovering data from the spinning platters of computer hard drives. Indeed, the company can recover data from every storage media type – hard disk, tape, flash drive, RAID servers, solid state drive, and even floppy drive.
The company provides its services because – like the businessman on his yacht – most users remain unconcerned about securely backing up their data until it’s too late.

“When the others fail we get it,” said Yevgeniy Tolkunov, CTO. “While some user-installed recovery software has become popular recently, few people know that you can damage your media to the point at which data is not recoverable at all. We can even recover data from slightly damaged platters. If you try that software at home or work and your hard drive platters are damaged, your data will become unrecoverable.”

If you’re unable to read from or write to a hard drive, first get it to ACE Data Recovery, using any available means. Once it’s there, ACE engineers perform a no-cost diagnosis.

“The diagnosis tells you…
1.    That we can get the data
2.    The primary cause of failure, and
3.    The cost of retrieval.

“Once you give approval it’s up to us – we don’t get paid until we deliver your data to you,” said Charles Walker, CEO. “We’re pretty confident we can do that, because we have the best recovery engineers in the business.”

ACE Data Recovery engineers are selected from the very best candidates around the world. Each has at minimum a computer engineering degree. They work in the four data recovery labs ACE operates in the USA, each of which has class 100 clean rooms.

It also operates 25 data recovery service centers across the USA, and six more in Canada. For customers not close to those locations, certified partners in the USA are ready to help recover data from compromised storage media.

To maintain the integrity of your data, engineers “capture an image” of the data on your drive, and place that image on another drive, called – logically enough – the image drive. Then they go to work on recovering data from the image drive, using expertise that ACE has developed over three and a half decades of recovering lost and corrupted data. 

Once your data is recovered, the Quality Assurance department performs a quality control check, to ensure your data is there for you to see and use.

“We keep the image drive for five business days in case there are any issues,” Samuilik said.  “After that we securely erase data from the image drive.”

Customers receive their recovered data on media provided by ACE. The media depends on the data, and is usually either an external drive or flash drive. “We work with the client,” Tolkunov said. “We can send their data to them via FTP or one of the cloud services if that’s what they want.”

Some customers, in a hurry or far from an ACE facility or unable to ship a server, ask if their data is remotely recoverable.

“Whenever a customer wants data recovered from a logically corrupted SAN, NAS, RAID, server application, or Virtual Machine, we first find out what their requirements are. Then we remotely connect to perform a full diagnostic, and prepare quote” said Samuilik. “If it is a logical issue we use our own tools to recover the data. Physically damaged drives must go to one of our facilities.”

29 Mar 2016 -This device with training can prevent instances of a common form of data loss.

Users are the weakest link in the security chain. It’s always been that way and likely always will be.

Apricorn has a device IT administrators and information security professionals will appreciate, as it makes securing information very simple. Of course it's not foolproof, as fools are so inventive that nothing is every fully foolproof.

Aegis Secure Key 3.0 is a USB 3.0 device with built-in keys that allow a user to set the key.

Touted as waterproof – we didn’t test that aspect – and weighing 45.3 grams, our evaluation model has 30GB capacity.  

Instructions are very simple – first time setup requires six steps.
There are only three steps to unlocking it.
Adding a new user PIN requires six steps.
A full reset takes three steps.

Keys are from 7 thru 16 digits, meaning an unthinking user can use a telephone number (yes, it’s bound to happen). Consecutive numbers are not allowed as keys, nor are all the same numbers. With minimal thought even the thickest user ought to be able to enter a strong yet memorable key.

The Aegis is formatted for NTFS and ready for Windows users. Mac users will need the Disk Utility to format it for that file system.

An internal battery is charged from the PC USB port. The red LED pulses when the battery is charging. Apricorn recommends charging for 60-80 minutes before first use.

If you’re going to allow USB sticks on your network – and very few admins do not – then you’d best ensure your data are removed and transported while encrypted. The Aegis protects your data with 256-bit AES encryption.

It’s not viewable in Windows Explorer until unlocked. After unlocking, if not accessed for 30 seconds it returns to sleep mode, and is no longer visible in the directory. That’s excellent for protecting the data of typical users who walk away from their desks with USB keys still in the port.   

Considering the number of users who insert USB sticks they’ve “found” into their work machines and those who lose USB keys containing important data, it seems obvious the Aegis is an answer to one of every administrator’s nightmares. 

19-October-2015 Bitcoin wallet now used in 100 countries.

Read More

5-October-2015 Mobility doesn’t have to mean insecurity.

Read More