FRAMINGHAM (11/10/2003) - The most important document a security professional can write isn't a policy document; it's his résumé.
Stories by Vince Tuesday
FRAMINGHAM (10/10/2003) - At 10 a.m., the boss called the entire IT security team into a meeting room, but without the line manager. He said that the line manager had been sacked.
FRAMINGHAM (09/25/2003) - We were pushing for a speedy move to the supposedly more secure Windows Server 2003 -- until we ran into the vulnerability in remote procedure call (RPC) services that use the Distributed Component Object Model. Every version of Windows, including Server 2003, is vulnerable to this latest buffer-overflow flaw. So we're rethinking our plans.
About a year ago, our company detected unauthorized access to an internal system. The attack could have been carried out only by an insider or by an external attacker who had working internal credentials.
I was happily dreaming about a well-secured network when the beeping of my cellphone woke me. It was the office. I'd been away from work for a few days and was making an effort not to read my email or check on the security team. The call gave me an excuse to find out what had been going on.
I've always been lucky when it comes to staffing. I employ people I'm very happy with, and despite high turnover within the industry, I've always managed to retain key people. There are many reasons for this, but hopefully, one of them is because I treat them well and let them develop professionally.
The largest risk my company faces for downtime and lost revenue comes from virus infections.