Posted May 8th, 2008 by rybolov
I’ve sat in on too many presentations lately. After a couple of them, you start to think “Hey, I can do way better than that!” And so I’ve been collecting my thoughts to get some presentations down and rehearsed.
Anyway, some sample topics I’ve thought up, hope you like them:
- Security curmudgeon 101: It all starts with electric shock and goes downhill rapidly
- Contractors Never Go for Broke: how I learned to stop fearing unclear guidance and made a ton of moolah in the process
- Who Moved My InfoSec Cheese: What to do when the great big SOX cow in the sky dries up
- Leadership Secrets of Attila the CISO: throwing dead bodies at the problem does create a solution!
- $Racial_Slur in the Wire: why your perimeter is massive pwnage once they get past it
- The “S” in “SIEM” stands for “Suck”: learning how to deal with the limitations of security tools
- Lessons from Language School: how I embraced the language and culture of our sworn enemies so that we could more effectively kill them in a bout of mutually assured destruction and why it seems so quaint in the new millennium
- DAM Solutions: more than just the punch-line to analyst jokes
- Data Reduction for Dummies: since the classification follows the data, if we get rid of it all, we don’t need to secure it
- Physical and Environmental Protection for Packet Monkeys: learning why there’s a big red button on the wall of the data center next to the switches and what really happens when you push it
And, lo and behold, I am available to speak, always have been. If you like an idea that I’ve put out there, put 3 squirrels on a park bench and I’ll give them a presentation.
Posted in BSOFH, Speaking, The Guerilla CISO | 5 Comments »
Tags: cashcows • pwnage
Posted March 28th, 2008 by rybolov
Potomac Forum is holding a 5-Fridays FISMA Fellows Class in May and June. Of course, I’ll be speaking/teaching and so will some of the other characters you see on my blog.
Hasty Agenda, you can get more info on the Potomac Forum site:
- Day 1: Introduction, Determining Boundaries, Inventory, and Data Criticality
- Day 2: Controls, 800-53, Security Planning
- Day 3: Security Test and Evaluation, Risk Management
- Day 4: The Entire Process of Certification and Accreditation, CPIC, Accreditation Packages
- Day 5: COOP, Patch Management, and Graduation Ceremony
The one caveat is that it’s open only to Government employees.
Posted in FISMA, NIST, Speaking | No Comments »
Posted October 19th, 2007 by rybolov
Hello Everybody
I’ll be teaching again with Potomac Forum at the end of the month. This will be a 2-day Certification and Accreditation seminar.
Posted in FISMA, Speaking | 1 Comment »
Posted October 8th, 2007 by rybolov
Oh great Interwebblagosphere and the readers thereof, I am looking for Information Assurance Instructors. I’m down a couple due to work/life/moved away conflicts.
Some of the details:
- You need to live in DC or be willing to make yourself be here a couple days out of each quarter.
- You need to be a “whiz-kid” at the entire NIST IA Framework (not just SSPs, but also ST&E, POA&Ms, etc)
- You have to be able to speak. We’re not talking professional speaker (à la motivational speakers “living in a van down by the river”), but somebody with presence above the normal closeted geek.
- You have to be able to get along with me. Not as hard as it might seem.
- We do have a screening process before you are a full-fledged instructor. Not all have met the standard.
Benefits:
- The pay is absolutely $0 but we make up for it in food, alcohol, and charming conversation. Occasionally we’ll give you a 20% raise. =)
- You get hella lotta CPEs for CISSP, CAP, CISM, etc.
- It’s a great resume builder.
- You learn the inside secrets on how IA really works.
- You get contacts–Agency CISOs, NIST dignitaries, and practitioners from every agency.
Posted in Speaking | No Comments »
Posted September 13th, 2007 by rybolov
We’re having a 2-day Certification and Accreditation seminar in September. The material is vendor-agnostic (read: no brochures except for more seminars) and we have some good guest speakers lined up including somebody from the NIST FISMA Implementation Project and some of the CISOs around DC.
I might or might not be speaking, depending on how the final staffing works out. No matter, I’ll catch the next one around. =)
Posted in FISMA, NIST, Speaking | No Comments »
Posted June 15th, 2007 by rybolov
My friends and I will be teaching the NIST Framework for FISMA with the Potomac Forum from July 13th to August 10 in 5 Friday segments. This is a small (limited to 35) class and is restricted to government employees only because we go down into frightening detail. =)
I always love this series. The students start out being quiet and expecting us to force-feed them PowerPoint slides in the beginning, but by the end, they know the entire IA framework and are very vocal about defending their position on why a certain risk should be accepted or not. I get all choked up inside to hear people talk about making a cost-benefit-risk decision and giving a system a conditional ATO.
As a side note, I wrote most of the exercises and tell everybody that the actual answer you gave isn’t as important as the logic you used to get there, but really what you should do is pick one answer and be ready to argue. =)
Posted in FISMA, NIST, Speaking | 4 Comments »