Monday, February 15, 2010

Supporting Hackers For Charity

Something in the back of my head told me to check out Johnny Long's Hackers for Charity website today to get an update on what's been happening with him and his family. I hate to say it, but I let this go "out of sight, out of mind." As I looked at the donor cloud, I noticed it was empty. Really?!?! Empty?!?! (Technical issue maybe? I just donated to test it.) I can't imagine there haven't been any sponsorships in a month.

I realize there are multiple ways we all contribute to HFC (general donations, equipment, software, time/energy, books, etc.), but the donor cloud being empty worries me that maybe others have also let this go "out of sight, out of mind" for them as well. So consider this message a small reminder!

Get Involved with Hackers For Charity!

Whatever you can do - buy shirts, donate via PayPal, donate equipment, join Informer - every little bit helps a great deal over there.

In case you didn't know, Johnny Long and his family, through HFC, support a couple of incredible missions in East Africa:

1. Food Program in Kenya (You can help via the Donor Cloud on his website).

2. Classroom Initiative, where with AOET they have built three classrooms already to help empower Ugandans to learn and do for themselves!

Since his first trip, Johnny has inspired me to be better and to do more wherever I can. His story is amazing. He gets energized by our (community) support! Personally, I've done what I can over the years to help and will continue to do the best I can, but it's never enough. I'm suggesting we all join in - with whatever you can: $20/month, a $25 one-time donation, whatever you can do. To kick things off anew in 2010, my family and I are planning on giving at least 50% of my first paycheck, from whomever my new employer winds up being, to HFC in March. How will you help with this effort?

Let's see how we can support his incredible mission!

You can follow Johnny Long on Facebook. You can also find him on Twitter.

Thursday, February 11, 2010

Getting More "Connected" in 2010

One of my goals in 2010 is to be more timely in my responses to everyone who takes the time to reach out to me. It seems that I'm pretty much the worst person on earth when it comes to responding to phone messages or emails older than 24 hours. I have a very small memory ring buffer in my head.

As part of working on fixing this issue, I'm opening up my entire "virtual" life to you all. If you want to reach out and talk (or collaborate on a project) about Security Operations, SIEM, Log Management, Security Monitoring and Analysis, Incident Response, etc., I've provided about every reasonable way I can think of to reach me, and I'm committing to being as responsive as I can.

In addition to my blog, here are some of the best ways to reach me or learn what I'm up to in 2010:

- Twitter "@RockyD": DM me or at least "@rockyd" me and I'll probably see the message within a few minutes on my phone or desktop. I'm addicted to Twitter (seriously, I think I might need to go to Twitter Rehab).

- Add me on Skype: I'm almost always online via Skype, either on my phone or at my desk. I'm willing to video/voice and chat as necessary.

- LinkedIn Profile: I use the LinkedIn Groups feature to answer questions, though less so over the last few months. I do post there every few days, and I use LinkedIn in advance of every single professional conversation I have to get an understanding of who I am talking with.

- Google Wave "SecurityProfessional": I'm committing to trying this out for some projects I'm collaborating on, and it is working great so far!

- Google Buzz: Security Professional. My information security related "Buzz". Not committing 100% to Buzz yet, but I will try it out for a while and see how it goes. If you follow me on Buzz, it does open up Gmail and Google Chat as another communication opportunity.

- Of course there is good old-fashioned email as well. If you can't figure out my Gmail with everything else I've provided above, please get off the internet. If I don't respond to you within 24 hours, please feel free to ping me again.

- Conferences: I will be attending RSA and B-SidesSF in March and perhaps BH/DC in July. Always happy to talk in person! My schedule fills up pretty quick, but I always leave evenings open!

If you can't reach me with any of the above methods, I'm either meeting with someone in person (I don't usually answer machines if I'm face-to-face with someone - it just seems rude), on an airplane, or dead. If I can, I'll either get back to you or haunt you, whichever is appropriate.

In all seriousness, I look forward to talking/collaborating with you in 2010 and beyond. 

Wednesday, February 10, 2010

Much Ado About Correlation

Mike Rothman at Securosis posted Network Security Fundamentals: Correlation yesterday and did a good job explaining some common issues with SIEM and "correlation". If you're in the market for SIEM you should read it, and not just because it refers to some of my previous blogs :) (SIEM 101 and SIEM 201) but because it is very accurate. You have to do the real work PRIOR to deploying the SIEM. It's all in the requirements. If you can't define how you will use the output of the SIEM, stick with log management until your organization can mature into using SIEM properly.

I really enjoyed Adrian's follow-up post, where he describes in detail why SIEM is not the end-all be-all of security monitoring. It's a good tool designed to do the best it can with what it is given. Simply put, there is only so much you can do with crappy logs. Additional context is always required. For more on my thoughts about what works for security monitoring, see my Security Operations: Collection post.

Thursday, February 4, 2010

NSA to Google wrt APT - "We're here to help"

The Washington Post reported that the NSA will be helping Google with the analysis of events related to the recent Chinese espionage that affected Google and so many other US companies.

Does this confirm the existence of APT, and that APT is a real danger? Duh - the world's scariest intelligence organization is focusing its talents on the problem; it IS a problem. Is this the best way to combat it? Well, we do need more exposure, information and collaboration, so I can't really think of a better partnership of minds.

Sure, the privacy implications are huge. The NSA does go to great lengths to protect the privacy of US citizens. The fact that this is public information does lend itself to more trust. They are both being fairly transparent, and the goal is in our (US-centric) best interest.

Some questions I have: who is going to have oversight authority? I also wonder WHY this is public information. Is the NSA going to offer the same level of collaboration to other companies affected by APT (or non-APT espionage)? If so, great news; if not, what is the threshold for involvement?

I also wonder if this was coordinated through our new Cyber Coordinator and, if so, why he wouldn't take the opportunity to announce the partnership.

What do you think?