Sept 13 Meeting: Everything I Learned About Security Is Wrong

Date: Sept 13th, 2012
Time: 7pm
Place: EE1 Building (Electrical Engineering)
Room 403
University of Washington Campus
Subject: Everything I Learned About Security Is Wrong
Presenters: Corwin Grey and Scott Weil

NOTE: This will be a live video talk as the speakers were not able to come in person to the meeting.

This talk focuses on a blog posting by an anti-virus vendor from earlier this summer in which Bernadette Irinco wrote on July 24:

“Despite the obvious risk to the company’s data and the cost of data breaches, system administrators either prefer to or are forced to keep their servers unpatched”.

We will bring up Dr. Albert Einstein’s bromide on the definition of insanity as it applies to Anti-Virus tools, Intrusion Detection tools, Intrusion Prevention systems, SIEM and everything else that is promised to make our perimeters impenetrable. More importantly, we will talk about the sentiment expressed above and, regrettably, how it accurately represents the way many security professionals interact with (dictate to?) system administrators.

Corwin started his professional IT track as a DBA and application developer for a nutritional products firm. He progressed into small business network consulting and from there into the wild west of hosted internet services in the early days of the dot-com bubble. Corwin currently works as an Information Systems Specialist for a Public Utility District in the Pacific Northwest dealing with information and physical security, network and system administration, and compliance, amidst the usual multitude of IT-related projects. Corwin holds the GIAC certifications GSEC, GCIA, and GAWN, as well as ISC(2) CISSP and CompTIA A+ certifications.

Scott Weil has been involved in hi-tech since the days when 1200 baud was “a miracle”. Today, we call that Cloud technology. From 1980 to 2001 Scott sold software for decision support software firms. He joined the SANS institute in 2002 and was responsible for developing the SANS Mentor program, Community SANS, COINS, SANS vLive!, and now, SANS Hacker Guard. When Scott started working for SANS, the ratio of system administrators to security professionals was about 1:1. He looks forward to getting your feedback on what that ratio is today in your shop. Most people think there are around 10 system administrators for every security professional. Scott has an MBA from Lake Forest School of Mgmt.

As always, there will be dinner sponsored by Silicon Mechanics. Check them out at

There will also be several CACert assurers present.

The meeting will be at the Electrical Engineering building on the University of Washington Campus, aka EE1. Directions are linked to the EE Department’s web site above. Parking is $5 after 5pm.