Posted by Joe Franscella

I’m not big on press releases or announcements that start off by stating “… is pleased to announce …” But, I gotta say that in this particular case I really am pleased to announce (on Security Heavy) Trainer TV, my firm’s video contribution to the IT, marketing and public relations spaces.

Trainer TV is Trainer VP Ross Perich’s long-developing idea in action. Ross has brought his experience and talent as a former TV reporter and AP award winner to the regular show that not only showcases what’s happening in IT, marketing and communications, but also Trainer’s prowess at producing video. I am proud to say that I am Ross’ right hand man in the endeavor, have the opportunity to do much of the shooting and editing and I get to apply my skill at chroma keying and inserting digital backgrounds (unlike agencies that outsource this level of technical production, Trainer does it all in-house).

The first two segments we’ve released feature insight from security executives  interviewed during the Executive Women’s Forum (EWF) party held during RSA Conference 2009. The one above is about what keeps security executives up at night and the one below is about threats execs are on the look out for. Both  include comments from the heads of security at enterprises including McCormick Spices and Braclays Bank. We have more IT security segments coming out over the next coupld of months.

Click here to view the embedded video.

ThreatPost.com Editor Ryan Naraine talks about his new gig during RSA Conference 2009.

ThreatPost.com from Joe Franscella on Vimeo.

IT security solutions vendor Kaspersky Lab specializes in reducing risk, ironically though, it has thrown its hat into the most risky industry of the day – news. A few weeks ago at RSA Conference 2009, Kaspersky launched ThreatPost, a news and community network for the broader IT security neighborhood.

Is Kaspersky worried about backing a news venture during an era when major outlets are shutting doors, laying off and cutting back? The answer seems to be no.

Editor and Kaspersky Lab Evangelist Ryan Naraine is confident in ThreatPost’s potential for success. Unlike traditional news outlets that rely on the ad/subscription model for revenue, ThreatPost will enjoy the backing of a corporation committed to the project.

Randy Drawas, Chief Marketing Officer of Kaspersky Lab Americas said, “Part of our mission as a company has always been to keep our customers informed about the latest threats that exist and partake in the public discourse concerning the issues our business revolves around. ThreatPost provides us the opportunity to drive the public discourse and from the top on down we are committed to the success of the site. We also know the only way a site like this one can be successful is to keep it open and trusted and are committed to ensuring that line is never crossed.”

ThreatPost ‘s plan for success is unorthodox. Rather than try and compete with other IT security news outlets through the “loyalty” model, it plans to attract readers by providing a mix of original and aggregated content along with a guide to other sites’ IT security news. Naraine explained that he and editor Dennis Fisher are providing the site’s original content and that other sites and contributors are providing the rest. The end-result is a space where readers can get a “snapshot” of current security issues and then directed internally or externally to where they can read about them, according to Naraine.

“It’s very difficult to expect readers to go to one place and stay there all day and that’s why the ThreatPost aggregation concept of sending them away to bring them back is a big part of what we do,” said Naraine. “Corporations have seen the value of using this kind of community-based social media to hit the target audience.”

Naraine and Fisher aren’t concerned that Kaspersky’s ownership of the site could taint its objectivity. Naraine emphasizes that there is clear “church-state separation” and that it is a legitimate media site.

Neither Naraine nor Fisher are rookies to the IT security news industry. Prior to ThreatPost, Naraine covered infosec for eWeek and ZDNet. Fisher, also a Kaspersky evangelist, did the same at Tech Target and eWeek. Between them, they bring two decades of IT news coverage experience to the publication.

Public relations and marketing professionals salivating over the notion of a new news site should take note, Naraine says that the site is absolutely not — under any circumstances — covering product announcements, news or doing any reviews.

“We draw the line at products, we don’t cover product news, we don’t do product reviews or any of that stuff,” said Naraine. “We cover anything data security related — threats, trends, malware issues, anything around social networks that can put users at risk … we run the gambit.”

Posted by Joe Franscella

Found threatpost.com to be quite intriguing – I think its good news for the news industry that corporations are stepping in to fill some of the gaps that the slowing print industry is experiencing. Had a chance to interview editor Ryan Naraine on video about the new Web tech news outlet, I’ll be posting it next week.

Security Blogger Network Meet-up – Appreciated being able to mix with and meet some of the people I read ever day outside of the pressure of trying to pitch them; especially enjoyed the conversation with Chris Christianson on firewall audits.

Appreciated Andreas Antonopolous‘ virtual security panel with Chris Hoff, Simon Crosby, Stephen Herod and – sorry – can’t recall the other panelist’s name. Thought Andreas did a great job pulling the whole thing together with some actual solutions to the challenge.

Posted by Joe Franscella

When queried on the potential effects of a budget decline, 30 percent responded that their chief concern would be protecting against new security threats. The second biggest concern from the group of respondents was that they wouldn’t have the staff or resources to comply with audits and other regulations.

The number one category of security spending expected to be negatively impacted by a security budget decline was security training — a full 30 percent of respondents classified this as the first area to be sacrificed. Next on the list was network security — where 25 percent of respondents believed this would be an area they could trim their budgets. The most protected area of security was remote access — only three percent of the respondents felt they could trim spending in this category. The next most protected area was desktop access, where only 13 percent of respondents would expect to cut spending in this category.

The survey polled 109 conference attendees that are involved in the IT decision making process for organizations within a wide variety of industries, including health care, government, financial, insurance and telecom.

Join Secure Passage in a discussion of this survey and other security related topics on Twitter @SecurePassage, Facebook, and LinkedIn. For more information on Secure Passage, stop by booth 553 on the RSA Conference 2009 Expo floor.

Posted by Joe Franscella (Disclamer – I represent Secure Passage)

Sixty-nine percent of respondents defined a virtual firewall as software running on a virtual system. However, the largest deployment of virtual firewalls provided by the leading vendors are firewall devices running multiple firewall instances. This gap indicates a lack of understanding of virtual firewall solutions available, vendors’ failure to meet market demand, or both. At a minimum, it strongly suggests a need to more clearly differentiate the solutions being provided today.

The number one management concern about virtual firewalls is the increase in complexity caused by the growth in the number of firewalls, polices, rules and objects. Closely following the top concern is the additional management burden caused by the lack of automated tools and resources to effectively address the increase in complexity. These concerns may explain why 64 percent of respondents do not feel that virtual firewalls will gain widespread adoption for another two to three years.

Forty-two percent of respondents identified that their top security concern about virtualization is users creating unauthorized virtual environments. Twenty-seven percent of respondents are concerned about their limited view into the host operating system and virtual network to identify vulnerabilities. Similar to traditional firewalls, misconfiguration of virtual firewalls is one of the top three concerns.

The survey polled 109 conference attendees that are involved in the IT decision making process for organizations within a wide variety of industries, including health care, government, financial, insurance and telecom.

Join Secure Passage in a discussion of this survey and other security related topics on Twitter @Secure Passage, Facebook, and LinkedIn. For more information on Secure Passage, stop by booth 553 on the RSA Conference 2009 Expo floor.

Posted by Joe Franscells (Disclaimer – I represent Secure Passage)

To participate in the discussions and view the survey results, join them on Twitter @Secure Passage, Facebook and LinkedIn.

The discussion-sparking surveys are “Virtual Firewalls: Myth vs. Reality” and “Impact 09: How Reduced Spending is Affecting Information Security.” The virtual firewalls survey will look at how enterprises are using virtual firewalls in their enterprises; the IT spending survey will reveal how the current economic situation is affecting IT security spending and security overall. Both surveys will poll IT security decision makers from a wide range of industries. Results from the virtual firewalls survey will be released on Tuesday, April 21 at 4 p.m. PST; the IT spending survey results will be released Wednesday, April 22 between 9 a.m. and 11 a.m. PST.

Trainer Communications will also be there in force. Several companies are meeting with the company’s CEO Susan Trainer and Security Practice Vice President Mary Van Zandt to discuss how to improve their current marketing and communications. Both Susan and Mary have been in the marketing and communications game for more than two decades and Mary has spent a majority of that time focused on IT security. If you are going to be at RSA next week and want to get a gratis competitive media analysis between you and a leading competitor, contact Mary at mvanzandt at trainercomm dot com.

Until then – see you at RSA!

Posted by Joe Franscella

According to RSA, Innovation Sandbox highlights include:

• Demonstrations from information security’s new rising stars, including start-ups and early-stage companies 
• “Most Innovative Company at RSA Conference 2009″ contest, judged by a panel of industry experts and thought leaders
• “Whisper suites” showcasing new R&D breakthroughs from industry-leading companies
• Interactive whiteboard sessions focused on tomorrow’s security challenges, facilitated by renowned information security experts Hugh Thompson (Chief Security Strategist at People Security) and Paul Kocher (President and Chief Scientist, Cryptography Research)

It sounds like a coo place to be, hope to run into some of you there.

Posted by Joe Franscella