Cambridge Infosec Associates, Inc. speaks with journalists and analysts to add context to their reportage of news events. CIAI co-founder Nick Selby also provides guest commentary to certain media outlets. Some recent samples of CIAI executives quoted in the press:

FudSec.com
"A recent survey shows that half of information security professionals are unhappy in their jobs despite six-figure salaries. Of course they're unsatisfied - we have well-trained, well-intentioned security professionals reduced through a series of relentless box-ticking to ensuring that their hopelessly dated signature-based technologies have the most recently-updated chance of not stopping anything. Why? Because as punishment for making everything so complicated, security professionals have been saddled with compliance management."

SearchCompliance.com
"As of Aug. 10, the Identity Theft Resource Center had reported 333 data breaches in 2009, exposing over 13 million records in the process. Given that context, it's no wonder that information security professionals and compliance officers are receiving increased pressure and scrutiny from their executive teams about whether IT systems are truly secure. As several recent essays on PCI compliance and security suggest, however, no one should be looking to standards or compliance audits alone to certify that an organization is protected against a data breach. This was preceded by a much-discussed essay by security consultant Nick Selby at Fudsec.com, 'Showing the Oblomovs the door.' Selby posits that the PCI Data Security Standard (PCI DSS) is a 'Pyrrhic victory.' His 'anti-compliance' rant earned substantive contributions in the comments on the post by security analysts and professionals, including Verizon's Alex Hutton, on whether PCI DSS holds any value."

TechTarget
"IBM said it acquired source code security testing vendor Ounce Labs, in a move that will integrate the firm's software testing technology into IBM's Rational software business...'It's functionality that will support previous acquisitions,' said Nick Selby, a consultant and president and cofounder of Cambridge Infosec Associates Inc. 'IBM has been bringing security deeper into the development stage as opposed to trying to figure out what happened afterward by reverse engineering. The ability to run testing and get input at the development stage and get engineers to find better ways for secure coding just makes a lot of sense.'"

Network World
"Companies are clamoring for Data Loss Prevention (DLP) tools to keep their data safe from online predators. But there is much confusion over what the true ingredients are. In this series, CSOonline talks to security practitioners, analysts and other experts for a crash-course on what DLP is, what it isn't and how to get on the right track. We'll begin with the proper technologies to use, followed by the right people policies. Nick Selby, CEO/co-founder of Cambridge Infosec Associates, said the key is to develop a data classification system that has a fighting chance of working. To that end, lumping data into too few or too many buckets is a recipe for failure. 'The magic number tends to be three or four buckets -- public, internal use only, classified, and so on,' he said."

Dark Reading
"IronKey has developed an ultrasecure, hardened USB thumb drive that self-destructs when its tamper-resistant controls are disturbed. 'Self-destruct, or phone-home-and-self-destruct capabilities, have been standard on disk encryption products from folks like Check Point (Pointsec), Sophos (Utimaco), Credant, and McAfee (SafeBoot) for years,' says Nick Selby, CEO and co-founder of Cambridge Infosec, a security consultancy in New York. 'The concept is nice, though if the data is properly encrypted, the 'poof!' effect is good and redundant.'"

Chaordic Mind
"Recently Nick Selby posted on FudSec his article on Showing the Oblomovs the Door. For those who care, an Oblomov or Oblomovism is considered a lazy or apathetic person or belief. The blog post claims that information security professionals are 'well-trained, well-intentioned' but 'reduced [to] a series of relentless box-ticking' due to being 'saddled with compliance management.' I believe that instead of blaming others, we as information security professionals need to become an agent of change starting with ourselves and our current environment and expanding outwards."