J Wolfgang Goerlich's thoughts on Information Security
Friday Books and Talks 08/14/2015

By wolfgang. 14 August 2015 08:14

Improv Wisdom: Don't Prepare, Just Show Up
by Patricia Ryan Madson

In an irresistible invitation to lighten up, look around, and live an unscripted life, a master of the art of improvisation explains how to adopt the attitudes and techniques used by generations of musicians and actors. Improv Wisdom shows how to apply the maxims of improvisational theater to real-life challenges—whether it's dealing with a demanding boss, a tired child, or one of life's never-ending surprises. Patricia Madson distills thirty years of experience into thirteen simple strategies, including "Say Yes," "Start Anywhere," "Face the Facts," and "Make Mistakes, Please," helping readers to loosen up, think on their feet, and take on everything life has to offer with skill, chutzpah, and a sense of humor.

Insanely Simple
by Ken Segall

Simplicity isn't just a design principle at Apple—it's a value that permeates every level of the organization. It's what helped Apple recover from near death in 1997 to become the most valuable company on earth in 2012. This book makes you a fly on the wall inside a conference room with Steve Jobs, and on the receiving end of his midnight phone calls. You'll understand how his obsession with Simplicity helped Apple perform better and faster, sometimes saving millions in the process. You'll discover how companies that leverage this power can stand out from competitors—and individuals who master it can become critical assets to their organizations.


Friday Books and Talks 08/07/2015

By wolfgang. 7 August 2015 09:32

Change the Culture, Change the Game
by Roger Connors, Tom Smith

In the newest release from the best-selling authors of The Oz Principle, you will learn how to build a culture of accountability in your organization. The authors reveal how to transform your entire organization through each level of the Results Pyramid: Experiences, Beliefs, Actions and Results.

The Thank You Economy
by Gary Vaynerchuk

Gary Vaynerchuk's Thank You Economy principles are about the way we communicate, the way we buy and sell, and the way businesses and consumers interact online and offline. Companies and brands are now competing on a whole new level in an entirely new business era. The Thank You Economy reveals how businesses can harness all the changes and challenges inherent in social media and turn them into tremendous opportunities for profit and growth.


Friday Books and Talks 07/31/2015

By wolfgang. 31 July 2015 08:47

Absolute Value
by Itamar Simonson, Emanuel Rosen

Itamar Simonson and Emanuel Rosen show why consumer behavior has changed while fundamental thinking about marketing has not. Absolute Value answers the question of what influences customers in this new age and describes how a company should design its communication strategy, market research program, and segmentation strategy in order to adopt a new way of thinking about marketing in this new environment.

Beyond Performance
by Scott Keller, Colin Price

In Beyond Performance, McKinsey & Company's Scott Keller and Colin Price give you everything you need to build an organization that can execute in the short run and has the vitality to prosper over the long term. Drawing on the most exhaustive research effort of its kind on organizational effectiveness and change management, Keller and Price put hard science behind their big idea: that the health of an organization is equally as important as its performance.

Escape Velocity
by Geoffrey A. Moore

Geoffrey Moore's now-classic Crossing the Chasm became a must-read book by presenting an innovative framework to address the make-or-break obstacle facing all high-tech companies: how to gain market share from early adopters and from mainstream consumers. Now, Moore's Escape Velocity offers a pragmatic plan to engage the most critical challenge that established enterprises face in the twenty-first-century economy: how to move beyond past success and drive next-generation growth from new lines of business.

 


Converge Detroit Podcasts

By wolfgang. 21 July 2015 15:43

We did a few podcasts over the Converge Detroit conference. Check them out here:

IT in the D -- Live Broadcast: Converge 2015 Security Conference. Ever had a conversation with a guy who compromised bank security ... in Beirut? How about someone who’s managed to compromise physical security all over the world ... just because scanning and getting into servers is too boringly easy? Know anything about a group that’s out there dedicated to teaching kids about computer security in a way they’ll actually want to learn? Read and listen on, friends ... read and listen on.

Hurricane Labs InfoSec Podcast -- Don’t Bother Trusting, Verify Everything. This podcast was recorded by the Hurricane Labs crew, and special guest Wolfgang Goerlich, at the 2015 Converge Conference. Topics of discussion (and witty banter) include: FBI anti-encryption rhetoric; the Hacking Team hack; Google's social responsibility; and more. Converge and BSides Detroit were fantastic - if you didn't get the chance to make it out this year, you can still view the video presentation recordings here: Converge 2015 Videos. Thanks to Wolf and all the sponsors, volunteers, speakers and everyone who made these conferences possible! 

PVCSec -- Live! At Converge Detroit. Ed & I enjoyed talking with a fantastic audience at Converge Detroit 2015 yesterday. Everyone was in fine voice. Ed & Paul embraced Converge Detroit’s invitation to podcast LIVE! from the event on the campus of Wayne State University in the Arsenal of Democracy, Detroit Michigan U.S. of A. Thanks again to the event, the sponsors, the volunteers, and of course all of those who attended. We had a blast and can’t wait for next year!

Tags:

Out and About | Security

Friday Books and Talks 05/29/2015

By wolfgang. 29 May 2015 07:12

The Reinventors
by Jason Jennings

For most businesses, success is fleeting. There are only two real choices: stick with the status quo until things inevitably decline, or continuously change to stay vital. But how? Bestselling leadership and management guru Jason Jennings and his researchers screened 22,000 companies around the world that had been cited as great examples of reinvention. They selected the best, verified their success, interviewed their leaders, and learned how they pursue never-ending radical change. The fresh insights they discovered became Jennings's "reinvention rules" for any business.

The Power Presenter
by Jerry Weissman

Jerry Weissman is the presentations coach to Microsoft, Cisco Systems, and many of America's top executives, including founding Yahoo CEO Tim Koogle, Intuit founder Scott Cook, Netflix founder and CEO Reed Hastings, and many others. Now America's top coach reveals the same powerful strategies he teaches to CEOs in expensive private sessions. Learn why your body language and voice are more important than your words, how to present with poise and confidence naturally, and how to connect with any audience emotionally. Filled with illustrative case studies of Barack Obama, Ronald Reagan, George W. Bush, John F. Kennedy, and many others, The Power Presenter will bring out the best in anyone who has to stand and deliver.

by Sophie Scott

Did you know that you're 30 times more likely to laugh if you're with somebody else than if you're alone? Cognitive neuroscientist Sophie Scott shares this and other surprising facts about laughter in this fast-paced, action-packed and, yes, hilarious dash through the science of the topic.


InfoSec Institute: IT Thought Leader Interview

By wolfgang. 27 May 2015 13:31

J. Wolfgang Goerlich is an influential leader and IT management executive with the ability to act as a cultural change agent, driving security initiatives and raising security postures. He currently works as a Cyber Security Strategist for Creative Breakthrough Inc (CBI) and has been in the industry for over 20 years. Areas of expertise include managing culture, ITGRC, security community and mentorship, application security and team leadership.

1. Early this year, you took the position of cyber security strategist at CBI. What exactly does this position entail?

As a security strategist at CBI, my role is connecting people and ideas to develop strategies for improving cyber security. I work with the senior leadership at CBI’s customers to understand their business strategy and collaborate on plans for aligning and maturing their security activities. Within CBI, I provide technical leadership and expertise toward our service lines and vendor partnerships. On select engagements, I work directly with the consulting team to deliver impactful results to our customers.

Another aspect of my position, which I find rewarding, is leading the CBI Academy. I have been mentoring and coaching professionals in my local community for years, so leading the Academy was a natural fit. We often hear CISOs talk about the lack of security talent for staffing their teams. At the same time, we often hear students talk of the difficulty in identifying and gaining the in-demand skills. With CBI Academy, we bridge the gap with an apprenticeship program that accelerates the careers of recent university graduates.

Read the rest at:

http://resources.infosecinstitute.com/interview-j-wolfgang-goerlich-cyber-security-strategist-for-creative-breakthrough/

Tags:

General

Wired: DevOps isn't a job, but it is still important

By wolfgang. 22 May 2015 07:10

"Traditionally, companies have at least two main technical teams. There are the programmers, who code the software that the company sells, or that its employees use internally. And then there are the information technology operations staff, who handle everything from installing network gear to maintaining the servers that run those programmers’ code. The two teams only communicate when it’s time for the operations team to install a new version of the programmers’ software, or when things go wrong. That’s the way it was at Munder Capital Management when J. Wolfgang Goerlich joined the Midwestern financial services company in 2005."

Read the rest at: http://www.wired.com/2015/05/devops-isnt-job-still-important/

Tags:

Team management

Phone phreaking visits Apple Pay's authentication

By wolfgang. 18 May 2015 08:43

There is a new attack on Apple Pay involving an old phreak tactic. Read about it here:

Has Your Phone Number Been Stolen? Another Apple Pay Fraud Hits the Nation
https://www.mainstreet.com/article/has-your-phone-number-been-stolen-another-apple-pay-fraud-hits-the-nation

The fraud works by knowing the mobile carrier and number the target uses for device identification, contacting the carrier to port the number to a phone the criminal has, then using the number to authenticate and add the criminal’s device to the victim’s Apple Pay account. Illegally porting telephone numbers has been around for some time. Criminals are re-using the old technique to subvert Apple Pay’s device authentication mechanism. 

What can consumers do to protect themselves? First, use a telephone number that is not well known for device authentication. Many people use their home landline phone number, which is often easy to discover. Second, inquire with the carrier about their policies around authorizing porting and notifying customers. Third, keep a close eye on Apple Pay for unfamiliar devices.

The way banks can protect consumers is as old as the tactic of stealing phone numbers. It comes down to account monitoring and fraud detection. Today's behavioral analytics are as adept at spotting misused accounts linked to Apple Pay as they are at spotting misused credit cards. Banks and other financial institutions must review their anti-fraud programs to ensure they apply to emerging payment processes like Apple Pay.

All in all, this is an example of an old tactic being applied to a new payment processing system. When developing new systems, it always pays to consider how previous attacks might apply.
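One way an issuer's fraud monitoring could combine the two signals discussed above, a recently ported verification number and an unfamiliar device, before trusting a wallet provisioning request. This is an added example, not code from the original post; the event fields, the port-date feed, and the 7-day window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; names, fields and values are illustrative assumptions.
KNOWN_DEVICES = {"acct-1001": {"dev-A"}, "acct-1002": {"dev-C"}, "acct-1003": {"dev-E"}}

# Last port date of each account's verification number (hypothetical carrier feed).
# acct-1003 is absent: its number has never been ported.
LAST_PORTED = {
    "acct-1001": datetime(2015, 5, 10, 9, 0),
    "acct-1002": datetime(2014, 1, 3, 12, 0),
}

PROVISION_EVENTS = [
    {"account": "acct-1001", "device": "dev-B", "time": datetime(2015, 5, 11, 14, 30)},
    {"account": "acct-1002", "device": "dev-D", "time": datetime(2015, 5, 11, 15, 0)},
    {"account": "acct-1003", "device": "dev-E", "time": datetime(2015, 5, 12, 8, 0)},
    {"account": "acct-1001", "device": "dev-A", "time": datetime(2015, 5, 12, 9, 0)},
]


def score_provisioning(event, known_devices, last_ported, window=timedelta(days=7)):
    """Return the list of risk reasons that apply to one provisioning event."""
    reasons = []
    if event["device"] not in known_devices.get(event["account"], set()):
        reasons.append("unfamiliar device")
    ported = last_ported.get(event["account"])
    # Only a port that happened shortly BEFORE the provisioning request counts.
    if ported is not None and timedelta(0) <= event["time"] - ported <= window:
        reasons.append("verification number ported recently")
    return reasons


def review_queue(events, known_devices, last_ported, window=timedelta(days=7)):
    """Hold events where both signals fire: unfamiliar device AND recent port."""
    queue = []
    for ev in events:
        reasons = score_provisioning(ev, known_devices, last_ported, window)
        if len(reasons) == 2:
            queue.append((ev["account"], ev["device"], reasons))
    return queue


if __name__ == "__main__":
    for account, device, reasons in review_queue(PROVISION_EVENTS, KNOWN_DEVICES, LAST_PORTED):
        print(f"HOLD {account} {device}: {', '.join(reasons)}")
```

Either signal alone is common in legitimate use (new phones, carrier changes), which is why the sketch holds a request for step-up verification only when both coincide.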

Tags:

Risk Management | Threat modeling

Starbucks gift card fraud

By wolfgang. 15 May 2015 12:42

Starbucks is in the news as criminals abuse its online services through fraudulent gift card purchases. On the surface, the issue appears to be about consumers’ passwords and the poor practices around their use. There is more to the story, however, and I would argue two deeper concerns are the real issue. The first is in how emerging payment systems are monitored and secured. The second is in how online services are developed and maintained. 

Read the rest at: http://content.cbihome.com/blog/starbucks_giftcard_fraud

Tags:

Application Security | Risk Management

Friday Books and Talks 05/15/2015

By wolfgang. 15 May 2015 07:36

Reviving Work Ethic: A Leader's Guide to Ending Entitlement and Restoring Pride in the Emerging Workforce
by Eric Chester (Author)

For frustrated managers and leaders, a guide to instilling a strong work ethic in the modern workforce. Work ethic in America is fast declining, plaguing young and old alike. But in Reviving Work Ethic, Eric Chester shows that you do best to focus on your young employees--those whose habits and ideals can still be influenced. He presents an incisive look at the root of the entitlement mentality that afflicts many in the emerging workforce and shows readers the specific actions they can take to give their employees a deep commitment to performing excellent work.

And his advice is crucial to a healthy bottom line: too often, talented-but-difficult-to-understand younger workers stand between your company and its profits. If business owners, managers, and executives are not connecting with them and modeling the key components of work ethic, employees are likely not connecting effectively with customers--leaving all kinds of money on the table.

Reviving Work Ethic is the culmination of years of research as well as presentations to over two million youth. Chester's experience shows in his confident analysis of the seven
