February 19


Our first Security Podcast Q&A with Adam Dodge

Welcome to a new programming aspect of the Security Catalyst experience: our Q&A podcast. After recording this weekend, we made the decision to run this today and push the Family Security Series back a few days (the team engaged in advising me has really brought on a lot of value and I am looking forward to getting that program started).

So, what can you expect from this program?
– Our goal is to review questions and answer them monthly
– We will answer questions sent in by readers and listeners, across three basic types:

– career
– consumer
– business

– Depending on each show, we may not cover each segment (or we might be covering one topic across all three). We’ll see how it goes.
– We are also taking the time for each program to research the questions a bit, and then are combining our experience, opinions and research to provide what we hope to be useful and helpful information.
– Each show will list links (which you’ll see below).

Here is our disclaimer
This is our best effort. To really benefit from this experience, we invite you to get engaged in the process:
– if you see something we missed, join us in the discussion forum and chime in
– use our experience as a guide for your own decision making
– if you need more help, join the security catalyst community (note the naming convention of: Firstname.Lastname)

On this Episode (three questions)

1. “I was curious if you are aware of any resources for security study and job-seeking, as I’m entirely self-taught. At this point I scan the logs and read whatever I can on the web and industry rags. I do Windows but prefer linux for its stability – most of my tools are on the linux box. Pisses off my boss to no end 🙂 Not bad for self-taught, but it’s time for a large pay raise” – Jeff

Links from our answer:
NSA as Centers of Academic Excellence in Information Assurance Education (CAEIAE) http://www.nsa.gov/ia/academia/caeiae.cfm

A list of all CAEIAE insitutions and the areas they have certified in is available here http://www.nsa.gov/ia/academia/iacmap.cfm

CISA – www.isaca.org/cisa/
CISM – www.isaca.org/cism/
CISSP – www.isc2.org/
SANS – www.giac.org/certifications/roadmap.php
Norwich – http://www.msia.norwich.edu/insecure/

Join the discussion in the Security Catalyst Community:


2. “I’m looking for some topic ideas relating to some awareness initiatives here where I work. I know you’ve been asking for feedback on topics, and I was wondering if you’d share any of your findings.” – Jim

Special Offer: If you send me an email at securitycatalyst@gmail.com – I will work with you to survey your audience and provide the results to you to help you kick-start your awareness program. While I welcome the opportunity to explain some of our research, there are no strings attached. This is what I do for a living, and if it helps get our much needed awareness efforts kick-started, then I’ll contribute this to the industry.

Come discuss this with us in the forum:

Some other ideas for topics:
NIST 800-69, Guidance for Securing XP Home: http://csrc.nist.gov/itsec/guidance_WinXP_Home.html (** this is what we are using for the first 5 episodes of the FSS Podcast)
CERT Home User Security: http://www.cert.org/homeusers/HomeComputerSecurity/

3. “I have been researching antivirus software for too long and just keep going in circles. I cannot distinguish between different antivirus software vendors because of either their marketing hype, inconsistent reviews, FUD, etc. Is there really a quantifibable difference or is it just opinions? What are your thoughts on this and could you provide an antivirus suggestion? At this moment I am leaning more towards either Zone Alarm Security Suite, or Kerio and NOD32.” – Eric

If you are looking for more information on how specific AV software did in testing, check out
– AV Test (www.av-test.org), independent testing lab in Germany
– CheckVir (www.checkvir.com), independent testing lab in Hungary
– ICSA Labs (www.icsalabs.com), one of the first organizations to start testing the claims of AV vendors, now part of Cybertrust (www.cybertrust.com)

For those adventurous types that are looking to run a few in house tests, here are some resources that might help
– The European Expert Group for IT-Security (www.eicar.org), Look for the “Anti-Malware Testfile” link on the main page

Free AV resources
– AVG Free – http://free.grisoft.com/doc/1
– Avira AntiVir Personal Edition – http://www.free-av.com/antivirus/allinonen.html
– ClamWim – http://www.clamwin.com/
– TrendMirco Free Online Virus Scanner – http://housecall.trendmicro.com/

Subscription AV resources
– CA eTurst Antivirus – http://www3.ca.com/solutions/Product.aspx?ID=156
– Symantec (number of different products for home/small to mid business/enterprise) – http://www.symantec.com/index.htm
– McAfee (same as symantec, differen products for different sectors) – http://www.mcafee.com/us/
– NOD32 – http://www.eset.com/
– Sophos (for businesses) – http://www.sophos.com/

Additional reviews
– AV Test – http://www.av-test.org
– CheckVir – http://www.checkvir.com
– ICSA Labs – http://www.icsalabs.com


You may also like

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Tired of feeling defeated on Friday?

Where the stack of work to get done is bigger than what got finished. You dread next week before the weekend even begins.

It doesn’t have to be this way.