And the winners are …..

It is that time of year again! Starting today voting is open for the 3rd annual Social Security Blogger Awards.  You can vote at http://www.zoomerang.com/Survey/WEB22BQFS9A3BN/. Be warned that you must leave a verifiable email and blog address in order for your vote to count. Of course the winners will be announced at the Security Bloggers Meet up at the RSA Conference next month.Before I announce the finalists, I want to give a special thanks to our all star panel of celebrity judges:1. Bill Brenner of CSOOnline

2. Ellen Messmer of Network World

3. Kelly Jackson-Higgins of Dark Reading

4. Larry Walsh of Channelnomics

Without further delay I am very pleased to announce the finalists for the 3rd Annual Social Security Blogger Awards:

Best Corporate Security Blog

• Veracode ZeroDay Labs (http://www.veracode.com/blog/)
• Fortinet – http://blog.fortinet.com/
• Symantec Connect (http://www.symantec.com/connect/)
• Gunter Ollmann/Damballa Research http://blog.damballa.com/
• Arbor Networks http://asert.arbornetworks.com/

Best Security podcast

• Pauldotcom http://www.pauldotcom.com/
• Southern Fried Security http://www.southernfriedsecurity.com/
• CERTS Podcast Series http://www.cert.org/podcast/
• The Silver Bullet Security Podcast http://www.cigital.com/silverbullet/

Most educational security blog

• Jeremiah Grossman (http://jeremiahgrossman.blogspot.com/)
• Chris Hoff – Rational Survivability (http://www.rationalsurvivability.com/blog/)
• Jon Oltsik, Enterprise Strategy Group http://www.enterprisestrategygroup.com/category/our-team/analysts/jon-oltsik/
• Naked Security/Sophos http://nakedsecurity.sophos.com/
• Evil Bytes /John Sawyer http://www.darkreading.com/blog/archives/evil-bytes/index.html

Most entertaining security blog

• Naked Security  http://nakedsecurity.sophos.com/
• View from the Bunker  http://viewfromthebunker.com/
• Uncommon Sense Security/Jack Daniels http://blog.uncommonsensesecurity.com/
• Securosis Blog/Insights/ Mike Rothman http://securosis.com/blog

Security Blog that best represents the industry

• Threat Post http://www.threatpost.com
• Krebs on Security http://www.krebsonsecurity.com
• CSO Online Blog http://blogs.csoonline.com/
• Threat Level (Wired) http://blogs.csoonline.com/
• Schneier On Security http://www.schneier.com/

The single best security blog post of the year

• The Death of Security as We Know It (http://techbuddha.wordpress.com/2010/11/16/2011-the-death-of-security-as-we-know-it-or-operationalizing-security/)
• CyberSecurity and National Policy by Dan Geer (http://www.harvardnsj.com/2010/04/cybersecurity-and-national-policy/)
• Ralph Langner, Langner Communications series on Stuxnet http://www.langner.com/en/2010/12/09/our-stuxnet-timeline/
• “SecurityBSides Turned Me into an Adult” by Michelle Klinger, from her Fear Not the Assessor blog http://topheavysecurity.com/2010/12/13/securitybsides-turned-me-into-an-adult/
• Brian Krebs (krebsonsecurity) Sept. 30, 2010 “U.S. charges 37 alleged money mules” http://krebsonsecurity.com/2010/09/u-s-charges-37-alleged-money-mules/
• “How to Become an Information Security Thought Leader by Chris Eng  http://www.xtranormal.com/watch/7897173)

Every single one of these blogs is already a winner having been selected by our blue ribbon panel of judges. Voting closes at the end of the month, so please don’t wait to vote!

2011 is here, and for those of us in the mix so is RSA Conference 2011. Many of us  have already been working with clients on their plans and pitches for the event and the veterans among us know that by now we should be focusing in on what our news will be and how to best present it within a crowded, competitive and aggressive field.

Last year I polled a number of journalists and analysts regarding what they look for in compelling news, most pointed out directly that they wanted to know two things, 1.) what’s new; and 2.) why is it important to the readers. To expand a little on both:

“What’s New.” This is not just the what’s new surrounding your company and product but also the what’s new to the industry. If you want to be successful with journalists, it is of utmost importance when telling your clients’ stories that you are able to pull out of the marketing exactly what’s new in terms of the technology and its application and why the latest version can do something in a way that has never been done prior.

“Why Important.” I can’t emphasize enough that trying to tell a journalist or analyst that something is important because a vendor says it is just doesn’t cut it. You need facts, data and feedback from the field that validates your position. Trainer Communications managed a recent launch by our client eEye Digital Security where we talked in-depth about the new product line, but to truly achieve recognition we anchored it to a neutral research report that included a survey of over 1,900 respondents — demonstrating the problems and needs within the vulnerability management market. This was just the news journalists needed to make a compelling story.

If you are headed to RSAC 2011 with clients this year, I can’t emphasize enough two things: What’s New and Why is it Important. And, remember to back both up with neutral facts. To read about what the journalists and analysts said last year, visit: Tell Me Something New, Please.

One other thought, this year RSAC is going to be especially productive for Trainer. In addition to representing clients on the show floor, we are also going to host an event in tandem that will focus on educating vendors on how to improve their market visibility through PR and marketing. The venue is being finalized, but the free lunch will play host to a number of enterprise buyers, vendors, press and media who will provide candid opinions on the topic. If you are interested shoot me an email at jfranscella at trainercomm dot com.

We work hard at Trainer Communications, we also like to have fun. As always, the Halloween office dress up …

Left to right — Ross Perich, the Cal Bear, Justin Gillespie, the 70′s rocker, CEO Susan Thomas, opportunity in disguise, Joe Franscella, the Clone Trooper, Kelly Kramer, the PicScout picture scout, April Rudish, the doctor is in, Larry Smalheiser, the vacationeer. Happy Halloween!

I always enjoy reading Jenn Leggio’s Social Business column at ZDNet and am thoroughly enjoying 100 Brains. Today she interviews Microsoft Security Guru Katie Moussouris, focusing on some social media security specifics that I found particularly interesting.

Before writing about what I found specifically intriguing, I want to digress slightly to headlines of the past couple days related to Facebook’s third-party app privacy flaws (or I guess you would call flaws “features” if you were on the third-party app side ). The headlines made it sound as if there was some profound revelation in that Facebook was — can you imagine — not protecting users’ privacy, gasp! When the headlines broke, the first thing I posted on my Facebook was that I could hardly believe by now that anyone using Facebook does not understand that virtually anything and everything they post is, in a word, accessible. Anyone who hasn’t figured out that Mark Zuckerberg is providing a place to “share” and not “hide” information really doesn’t get the whole point of the site.

Back to the Leggio column with Moussouris. The QA I found intriguing (because it backs my opinion) is this:

Q. There’s a lot written about security and social media and education. Do you think it is reaching the right people?

A. I think that it doesn’t matter who it reaches, as there will always be people who will flock to social media sites regardless of whether or not their info is secure.  I personally assume and accept the elevated security risk in using social media. There was a time I tried to resist using graphical web browsers (I used lynx), due to my inherent paranoia, but the draw of The Onion online with hilarious photos drew me in and I began using another browser.  Similarly, the convenience features, and lure of all your friends in social media will draw even some of the most paranoid security people to join in. I think the right education for everyone about current social media and security is to set the expectation that it bears security risk, and that’s that. Use at your own risk!

Facebook, and any online social community, “bears security risk, and that’s that.”

One final thought:

There are instances where security risks on Facebook and the like aren’t inherent in the purpose of the technology, which, again, is to share and not hide information. These instances include social engineers and other attackers who blatantly attempt to suck users in with malicious links and nefarious offers. Does Facebook have an obligation to keep the criminals out and its users protected? I don’t want to get into this philosophical argument but I will opine that we — users — are placing a rather unrealistic expectation on Zuckerberg if we thing that he alone can solve the problem of Internet crime and security.

Market leadership is all about positioning, doesn’t matter if that market is IT, consumer or politics.

Today the Obama Administration made former Chief of Staff Rahm Emanuel’s departure from the White House official. Emanuel now heads back to Chicago to run for the Mayor’s seat. Talk about your long-term positioning strategy in action — nicely played Dems!

If Emanuel succeeds — and BTW he’s not running against an incumbent as current Mayor Richard Daley is not seeking re-election — he’s in a perfect spot to succeed his now former boss as President, if Obama wins in 2012 that is.

If Emanuel wins, his term as Mayor will expire in February 2015, just ahead of the end of (again if he wins) Obama’s second term, which ends in 2016. Can you say perfect timing to run for President?

By removing Emanuel from the top seat and placing him into a tough-and-gritty city ripe for reform and rescue from the recession, the Dems get to position Emanuel as:

•    A successful reformer (the recession will probably end within the next few years and he will get to take credit for Chicago’s recovery regardless of whether or not he has anything to do with it)
•    A Washington outsider but someone who understands Washington politics (he will have been gone from the Beltway for at least four years by the next Presidential election but has spent significant time within it)
•    Oprah’s neighbor

Again, well played Dems, you should get the National MarCom award for long-term positioning strategy.

One final thought, if I was a Chicago resident, I would be very excited over the prospect of Emanuel taking over my town, talk about a man who could scoop up federal funds. I don’t think anyone since Senators Byrd and Kennedy have ever been in that advantageous of a position.

I’m a social mediaphile. I have a passion for all things social media and the technologies that enable them. I was particularly intrigued when a client of mine pointed out the Kansas City firm SocialVolt to me. SocialVolt is a social media management platform that claims to provide management and monitoring of social media discussions across multiple social technologies in a single dashboard-type of location. OK, no big differentiation from what other similar types of tools do. There was one particular capability SocialVolt provided that I found intriguing though — its compliance functionality.

I didn’t have a chance to speak with anyone at SocialVolt, but their website reads:

Using STUDIO’s first in class compliance feature set, organizations can now determine compliance rules, utilize sustainable discussion databases as well as backup and archive all conversations. Organizations can now scale social media across an entire enterprise without having to worry about jeopardizing their brand name!

If it actually works, its impressive to say the least to think that a regulated organization can cut loose on social media without worrying about compliance related issues. What’s even more intriguing is that SocialVolt doesn’t just stop at claiming to enable compliance, it specifies specific regulations it works with:

Whether it’s FINRA, FDIC, OCC, HIPAA or your own internal compliance officers, STUDIO gives you the tools you need to supply detailed research on any social media activity originated in STUDIO and even activity originated outside STUDIO.

Considering the speed at which companies such as Kaiser are utilizing new media services to market health care products and services, HIPAA coverage I think is an especially smart decision they made.

Definitely an intriguing technology that is worth watching, especially as social technologies become more and more embraced by mainstream internal and external marketing organizations now realizing that it is a powerful communications channel that delivers results.

One thing I would like to see out of SocialVolt is a customer use case posted on the website or even some commentary on a blog or two about how regulated companies are using the technology. For now, I rate them as a definite company to watch.

Las Vegas, NV – After two days of Black hat I now see the relationship between that event and DefCon. Black hat seems to be the place where IT security vendors try to convince the world that they can protect the Internet, whereas DefCon attendees clearly — whether they say it or not — are well equipped to slash through everything being sold at Black hat. It seems like it would make more sense for DefCon to come first and Black hat to follow, that way media, analysts and enterprise buyers could first find out the latest looming threats on display at DefCon and then be well equipped to ask Black hat exhibitors if their products could withstand the attacks.

For those who could not attend this year, there has been a lot of great coverage emerging and a few interesting photos as well. My favorite, one I shot today of the Mohawk hair cutting station on the middle of the main pavilion:

Interesting thing about IT security, it really is a lot like what you see on TV. A lot of well-dressed suites and highly educated men and women on the sales, marketing and business side with crazed technophiles puttint it all together behind the scenes.

Anyway, lots of great stories and photos are coming out of the event. Check out all of the usual IT haunts for coverage. I plan to post a more comprehensive wrap up tomorrow. Hopefully with some video.

PLEASANTON, CA  – June 29, 2010 -  Trainer Communications, a full-service public relations, integrated marketing and social media agency servicing the enterprise and consumer technology sectors, today announced that the San Francisco Chapter of the Public Relations Society of America (PRSA-SF) has honored the agency with the Northern California Silver Anvil Award for “Best Integrated Consumer Product or Service Campaign.”

Trainer’s winning Zazzle campaign, comprised of strategic top-tier business publication and holiday gift guide placements, and national consumer broadcast segments, resulted in billions of impressions worldwide. The Silver Anvil awards emcee Tom Vacar, an award-winning journalist for Channel 2 Fox News, made note that Trainer had earned the distinction of being the only company in the past 25 years to receive a perfect score by the judges. Trainer CEO Susan Thomas, along with several Trainer team members, attended the gala event held in San Francisco, Calif. on the evening of June 17, 2010.

Trainer, a previous Silver Anvil award winner, was selected based on PRSA’s comprehensive evaluation system that stringently assesses overall campaign objectives, strategy, tactics, execution and results. The core elements of the Zazzle campaign included:

* Expert-driven strategies on news releases and key media targets
* Tactical use of state-of-the-art PR management tools
* Award-winning Metrics Matter™ best practice methodologies

“More than just our PR agency, Trainer Communications is a strategic partner whom we collaborate with on a regular basis to help build our business. Trainer consistently executes creative campaigns, delivers stellar results based on its Metrics Matter approach, and almost always exceeds expectations. We offer our congratulations on Trainer’s perfect-score award win and look forward to teaming with Trainer on additional award-winning work in the years to come,” said Michael Karns, marketing director for Zazzle.

In addition to this PRSA Silver Anvil, Trainer is being honored this week at a gala event hosted by the Bulldog Awards in New York City for “Agency of the Year.” Trainer will also receive the 2010 Bulldog Award for “Best Campaign Under $100,000,” saluting Trainer’s PR innovation for its highly successful “Data Robotics Goes Pro” campaign. These three awards add to a growing list of national acclaim for Trainer which, among other accolades, has also won the 2008 Bulldog Award for “PR Innovation of the Year” for its Metrics Matter methodology, the 2009 Sabre Award for “Best Agency to Work For,” and the 2009 MarCom Gold Award for “Excellence in Publicity Campaign.”

“While these awards validate our PR and marketing prowess, what’s really important is the value our campaigns create for our clients to help drive their business. We are honored to represent clients like Zazzle that encourage us to perform at elite levels all of the time,” said Susan Thomas, CEO, Trainer Communications. “While we strive for perfection in all that we do, we are truly humbled to receive the first-ever perfect score in the 25-year history of this prestigious award.”

About Trainer Communications
Trainer Communications is the premier provider of integrated marketing and high-tech public relations services. Specializing in technology, the agency offers deep domain expertise across data infrastructure, information security, optical and wireless communications, enterprise software, networking, and consumer industries. Trainer represents emerging and high-growth technology companies that lack the market recognition and visibility needed to meet business objectives and is the only agency that guarantees quantifiable results with its Metrics Matter™ methodology. Established in 1995, Trainer has represented more than 200 companies, including one-third that resulted in a positive liquidity event. Notable successes include Brocade, Cloudscape, CrossWorlds, Data Domain, G-Log, Itronix, Oblix, Sygate, Trigo, Versata, and WhereNet. Based in Silicon Valley with nationwide coverage, the agency has received numerous awards, including the 2010 Bulldog Award for Best Small Agency of the Year and Best PR Campaign Under $100K, the 2009 and 2008 MarCom Gold Award for Best Publicity Campaign, the 2009 Iron Sabre Award for Best Agency to Work For, two 2009 National Videographer Awards, the 2008 Bulldog Award for PR Innovation of the Year, and the 2008 Iron Sabre Certificate of Excellence for Product of the Year. For more information, visit www.trainercomm.com.

Follow Trainer Communications

Twitter: http://twitter.com/TrainerComms

Facebook: http://www.facebook.com/TrainerCommunications

LinkedIn: http://www.linkedin.com/companies/trainer-communications_2

Posted by Joe Franscella, 6-7-2010:

My college days are long behind me, but through the years I have still managed to keep a few extra pounds on by caving to my late night Big Mac cravings, here and there. This seemingly harmless guilty-pleasure is probably something I will never shake (no pun intended). What can I say, I’m a product of the “two all-beef patties, special sauce, lettuce, cheese, pickles, onions, all on a sesame seed bun” generation.

MAC attack! It means something totally different now. A few years back when I went all MAC for my home and personal computing needs it was based on three things, 1.) Coolness (yes, this came first), 2.) Ease of personal media creation and distribution, 3.) I was in publishing, used it in my work environment and liked it.

When I went MAC security wasn’t an issue for me. I was more than comfortable with knowing that my MACs weren’t high-priority targets and felt secure installing the semi-regular security updates sent out by Steve Jobs’ crew. Having just gone through the hassle of fixing a PC attacked by malware though, which leveraged its way in due to a simple false move where I clicked a wrong link, I now have a different attitude. Which is why I took steps to improve my MACs’ security.

Last Friday, SC Magazine’s Dan Kaplan wrote a particularly telling piece related to the growing MAC security problem. Spyware that targets Mac applications still lingering, Kaplan reports:

A purported spyware application bundled with roughly 30 Mac third-party screensavers is back active after its maker temporarily stopped distributing it.

The software, dubbed OSX/OpinionSpy by Mac security firm Intego, is rated high-risk because it scans files, records user activity and sends that information back to remote servers via a backdoor. Officially known as PremierOpinion,  the software is not initially contained in the screensavers but downloaded during installation.

A great summary of what it is and what it does, what I found equally interesting was this paragraph:

“The malware, a version of which has existed for Windows since 2008, claims to collect browsing and purchasing information that is used in market reports,” an Intego blog post  said. “However, this program goes much further, performing a number of insidious actions, which have led Intego to classify it as spyware.”

Why did I find this interesting? It demonstrates clearly that Windows OS hackers are continuing to target MACs more frequently. Also, it shows that the millions — maybe billions? — of ultra-successful Windows exploits that have been prevalent for years are easily adapted to targeting MACs. To get at your MAC, cybercriminals don’t have to wait for a MAC-focused hacker community to mature to plan mass hits, they can rely on an abundance of tools already available.

Trainer Communications’ PR and marketing professionals were, again, all over the RSA Conference, myself included. This year was especially exciting as the amount of client’s we were representing there increased 300 percent over 2009 and this year we conducted two surveys for our clients PacketMotion and Brocade and helped our client Secure Passage out with social media activities management and execution. In general, I’d estimate that Trainer’s increased RSAC presence and that of its clients is a great indication that, despite the slow pace of the improving economy, the IT security industry remains strong and continues to grow.

Angela Griffo’s crew did a bang-up job with the Brocade survey, I found some of the results to be especially interesting, especially the one on whom within enterprises security pros are the most concerned about spying on behalf of. I thought for sure that IT security folks would have a major concern that foreign government spies were after technological advancements, after all, the Constitution of the People’s Republic of China is riddled with amendments that almost say “economic advancement at all costs.” But not so, the vast majority of infosec pros surveyed, 41 percent, stated that they were more concerned that there might be internal spies working for competitors. Check out the conclusion:

A result that I found to be equally intriguing was the one that asked whether or not security policies were being enforced. Seventy percent of respondents said “yes,” but this made me wonder exactly how effective or comprehensive the “enforced” policies really are, especially in light of the use of social networks in the workplace and personal devices being used to access networks. If you check out this video we put together for PacketMotion, you’ll notice that eBay’s Information Security Chief of Staff points out that mobile devices are something everyone has and uses for work these days.

Click here to view the embedded video.

Back to the enforcement question, here’s the total results of the question:

I know I am behind a week on my “What is the Cloud? Film at 11 Post,” but that’s coming soon, I promise. Things are really picking up at Trainer and I have little to no time to blog lately, but I am starting to carve out room.

]]> http://www.securityheavy.com/2010/03/rsac-2010-survey-says-competitors-biggest-spy-threat/feed/ 0