We specialize in implementing “Splunk for Security.” This could mean
getting your firewalls and IDS devices talking to Splunk and making the logs
have some meaning or taking in your vulnerability management data and
breaking out alerts that tell you where your real problems are. To us, it’s
all data and it’s all useful for security. I love the term “big data”
because it can be applied to anything at all; kinda like the “Cloud.” The
problem with big data, though, is that it’s real. Unlike the Cloud, which is
this big abstract thing which could mean your infrastructure or Amazon’s or
Google’s or whoever’s, this data problem is uniquely yours. Now because
this is a Splunk article I’m going to focus on machine big data because,
well, that’s what Splunk is really great at. However, most of these
“top” six questions can be applied to any big data problem you may have.
When you are hiring a third-party web developer, you need to consider several
things, so I’ve attempted to prioritize the things you will want to ask in
this list. These are in no particular order of importance. The answers I have
provided are only examples, as acceptable answers will vary based on your web
application and company needs.
What web development framework do you employ?
Whether it’s .NET, ColdFusion or some Java framework, the answer to that is
going to depend on a few factors. First, are you hosting it or them? If
you’re hosting it, then you should choose a web developer... (more)
Five Ways to Hire an InfoSec Consultant
By: Bill Mathews
This is not a nice post. This is not a post about posing great interview
questions or how to tell if someone can actually do the job. No, this is a
post about how to watch out for people you want to hire to help your company.
You know the ones – the con-sultants, the slick ones, the rockstars, the
ones you should fear. Some of these guys can be worse than the actual bad
guys and here are five things to look for when you’re trying to spot them.
Are they promising you the world? One thing about information securit... (more)
E-mailing Passwords – Practice What You Preach
By: Bill Mathews
I have a few pet peeves (okay maybe a lot more than a few) but some of them
really do have a basis in reality and aren’t just blind rage. This one
falls into the “based in reality” category and really enrages me. Every
once in a while I register for some security training because, well, I’m
curious as to what else is out there and because I want to learn things I
don’t already know…crazy right?
So I decided to take some online training while I’m on vacation this week
(yes I know, not much of a vacation but that’s me).... (more)
DjangoCMS – Sekizai and Compressor for SASS/SCSS Explained
By: Aaron Croyle
This deviates from our normal security discussion, but I’m a developer and
this problem has plagued us for a number of days. Turns out the solution is
only a few days old, so there’s limited information available out there.
Hope this helps!
So you’d like to use DjangoCMS, which, by default, uses Sekizai to manage
its CSS and JS resources. But you’d also like to use that new SASS stuff
everyone is talking about instead of CSS. Here are the steps you’ll need to
go through to get it working. You’ll need to ins... (more)