DOJOSEC - Compliance Presentation

by Ron Gula on January 5, 2009

The next DOJOSEC is this week. I've been invited to speak about the latest compliance trends in PCI and FDCC. Also presenting will be Shaf Ramsey of TechGuard Security and Dale Beauchamp of the Transportation Security Administration. Mr. Ramsey will discuss the future of virtual worlds such as HIPIHI and the implications they will have for information security. Mr. Beauchamp is a digital forensics expert and will discuss practical memory analysis. The time and location of the event are: January 8th - Thursday - 6:00 PM to 9:30 PM, Charles I. Ecker Business Training Center, 6751 Columbia Gateway...

Policy Compliance Thought Leadership Roundtable

by Ron Gula on November 25, 2008

Note: This webinar has occurred and you can hear the recorded session at this link. Would you like to hear thought leaders from Symantec, Qualys, Tenable and Courion discuss various approaches to policy compliance? If so, please visit the website and register for the live "Policy Compliance Thought Leadership Roundtable" webinar on December 3rd, 2:00 PM EST. Panel members include: Peter Distefano, Symantec; Marcus Ranum, Tenable Network Security; Kurt Johnson, Courion; Terry Ramos, Qualys. In our one-hour, live panel, we will discuss the pros and cons of vulnerability...

Hacker Court 2008 Post Mortem

by Carole Fennelly on August 21, 2008

Another Black Hat conference for the record books! It’s traditional for me to have a panic attack on the eve of Black Hat, trying to pull the Hacker Court team together to work on our presentation (“Hack MyFace”) and swearing I’m never doing this again. This year was even worse: the defendant, Simple Nomad, and the judge, Richard Salgado, both had to cancel at the last minute. We still had to work out evidence details (as Simple Nomad once pointed out, it would be easier to actually hack into a system than generate fake evidence) and now had to find replacement players. Richard Salgado...

Hacker Court at Black Hat!

by Carole Fennelly on August 4, 2008

Hacker Court is once again returning to the Black Hat Briefings! For our seventh Black Hat presentation, we will be conducting a mock court trial focused on the issues of entrapment, journalist privilege and wiretapping, titled "Hack MyFace." What is "Hacker Court?" Hacker Court is a loose organization of attorneys, security professionals and hackers with the goal of demonstrating the dynamics, frustrations and complexity of computer crime trials. Teaching Points: The Hacker Court mock trials endeavor to teach a technical audience the reality of computer crime trials. Before joining Tenable,...

WhiteHatWorld Webinar - Vulnerability Management Thought Leadership Webcast

by Ron Gula on August 2, 2008

On August 6th, 2008, I will be participating in a Vulnerability Management webinar hosted by WhiteHatWorld. We will be discussing best practices for scanning and configuration auditing. Panelists also include representatives from Qualys and Rapid7. To register, please visit this link or visit to learn more and view their library of recorded webinars.

Phishing Webinar with White Hat World

by Ron Gula on July 16, 2008

I will be participating today in a White Hat World "Thought Leadership Roundtable Webcast" today at 2:00 PM EST on the topic of Phishing. Other panel members include representatives from Secure Computing, SonicWall, and Missing Link Security Services. To register for the event or watch the recorded session after it occurs, please use the following link: White Hat World Webcasts. The event is free, but requires registration. Tenable will be participating in several other White Hat World webcasts in the near future.

Marcus Ranum in Europe

by Ron Gula on April 18, 2008

For those readers that are located in Europe, Marcus Ranum, Tenable’s CSO, will be speaking at two events in Q2 of 2008: On April 23rd and 24th, Marcus Ranum will be speaking at the Mnemonic Risk Management and Information Security Conference 2008 in Norway. The conference will be held at the Ulleval Business Class. He kicks off the conference with his talk titled: “Lateral Thinking in Security”. Computer security, as a field, appears to be trapped in a hamster-wheel of repeating the same ideas over and over again. And the results are clear: 15 years into the field, more systems are getting...

Upcoming Conferences and Speaking Engagements

by Ron Gula on August 24, 2007

There are a few events occurring before the end of the year that Tenable will be participating in: 2007 DHS Security Conference and Workshop, Baltimore, Maryland, August 27-30, 2007. I will be speaking at 3:45 this Monday, August 27 about how configuration management changes the way network security monitoring and incident response occur in non-obvious manners. Many of these sessions are only open to the US government. "Hack In The Box" SecConf 2007, Kuala Lumpur, Malaysia, September 3-6, 2007. Several members of Tenable's research team will be attending the conference. We're traveling from all...

Webinar -- "HIPAA Compliance - What can Nessus do for you?"

by Ron Gula on March 20, 2007

Tenable Network Security will be hosting a webinar on March 21, 2:00 PM to 3:00 PM EST. This presentation will consider how configuration auditing and vulnerability monitoring can be performed by the Nessus vulnerability scanner when managed by the Security Center. It will be led by Dave Breslin, who is Tenable's Director of Sales Engineering. Dave is a Certified HIPAA Professional and a Certified HIPAA Security Specialist. To register for the webinar, please use the following URL: If HIPAA Compliance auditing is of interest, readers should...

Marcus Ranum Presentation - Six Dumbest Ideas in Network Security

by Ron Gula on December 11, 2006

Tenable's CSO, Marcus Ranum, discusses many of the trends, assumptions and misconceptions about computer security facing us today. Mr. Ranum discusses why security mechanisms fail and why it is such a hard state to be "secure". Slides and audio are available below: Slides [PDF] Audio [MP3]