Quest Consultants' Jason Winder is currently providing technical support in Haiti. Jason's primary focus is determining the current state of a data center in order to plan for upgrades. Providing international technical support is always a challenging task because of language barriers, travel, and cultural differences. Luckily, Jason is fluent in French, which greatly lowers the language barrier, has extensive experience working with different cultures after spending several years in Europe, and is happy to be away from Washington DC for a few days during the oppressively hot summer.

Here are some photos of the area the hotel blocked off because of the snow on the glass roof.

 

 This is a close up of one section of the roof. The light is shining through in the middle.

ShmooCon 2010 is underway and going strong despite the epic snowstorm raging outside. The hotel shutdown portions of the lobby because of fears about a roof collapse, which forces everyone to use the elevators in the central lobby area. Inside the conference is fairly well attended although almost everyone here is staying at the hotel. Locals who normally come for the day seem to be absent.

DC area governments are still predicting another several hours of snow so we could be holed up here for a while longer.

Where: shmoocon wireless net (essid: shmoocon), 10.10.1.121
What: web application hacking challenge, further details available on the site

First three people to complete all the objectives will win a prize: Flip video camera, iPod Nano, or 500gb external HD.

Come visit us our booth at ShmooCon for more details.

I regularly participate in discussions about the "right" amount of money to spend on security. I know two correct answers to the security budget question. First, don't spend all your money on security. Second, spend some money on security. The problem is the middle part, finding that magic number where your systems are secure but you're maximizing dollars to spend on business functionality.

Congratulations to Brian Woodley for (finally) completing his CISSP certification! Brian's long experience in the information security field has always been despite his degree in physics and uncanny knowledge of Linux but now he's official and can make fun of the rest of us. As much as we dislike spending money every year to keep up the certifications we know it's important to our current and prospective clients because it validates our experience.

The new year arrived this week and we're eagerly looking forward to great things in 2010. This year will bring some internal projects to help us be more competitive, more efficient, and more employee-friendly. We'll be investing time, energy, and money in building a more robust employee portal to support project management, information management, and collaboration. The current system of an intranet site, internal IM service, and file share is just as ungainly as ever and it's time for a change.

Is my website secure? Businesses world-wide ask this question everyday because they are confused and overwhelmed by the security controls necessary to protect a website in today’s world. Feeling confused and overwhelmed is a reasonable reaction to a situation which is out of control and barely understood by most so-called experts. Today’s cybersecurity world is like the medical advertisements of the 1800s with scam artists and misinformed salesmen selling security products without a clue as to how to use them, or even if they work.

Three days from the start of ShmooCon 2009 and we're just about ready to go. Our hacking challenge is complete and will be available at ShmooCon via a wireless network and shortly after the conference we'll be realeasing it to the public as well. Conference attendees will have the chance of winning some prizes for their hacking skills and also through a raffle. Prizes include a 19" LCD TV, 8GB iPod Nano, and USB headsets.

So with cybercrime on the rise, and miltary-grade cyberattacks all the rage, it's clearly time to work on our national cyberdefense posture. Secretary of Defense Robert Gates testified about national defense in front of the Senate Armed Services Committee the other day (01/27/09)...a transcript is here.