J Wolfgang Goerlich's thoughts on Information Security
Friday Books and Talks 02/20/2015

By wolfgang. 20 February 2015 07:56

Talent is Never Enough
by John C. Maxwell 

Read the headlines, watch the highlights, or just step out your front door: Some talented people reach their full potential, while others self-destruct or remain trapped in mediocrity. What makes the difference? Maxwell, the go-to guru for business professionals across the globe, insists that the choices people make, not merely the skills they inherit, propel them onto greatness. Among other truths, successful people know that:

  • Belief lifts your talent.
  • Initiative activates your talent.
  • Focus directs your talent.
  • Preparation positions your talent.
  • Practice sharpens your talent.
  • Perseverance sustains your talent.
  • Character protects your talent.

It's what you add to your talent that makes the greatest difference. With authentic examples and time-tested wisdom, Maxwell shares thirteen attributes you need to maximize your potential and live the life of your dreams. You can have talent alone and fall short of your potential. Or you can have talent plus, and really stand out.

 

Low-Hanging Fruit
by Jeremy Eden, Terri Long

How can anyone, from the shop floor up to the C-suite, make their companies better? Despite years of corporate initiatives and implementing big fixes, are there really more simple and smart ways to improve productivity? In Low-Hanging Fruit, co-authors Jeremy Eden and Terri Long not only answer that question, they show how to get it. Low-Hanging Fruit is a fast-paced, fun read with 77 different ways to make a difference at your company. Eden, a former McKinsey consultant, and Long, a former bank executive, use many great examples from working with teams at Fortune 1000 companies, helping them cut through the complexity, the politics and the waste. Low-Hanging Fruit gives you the best ideas culled from their experience, such as how to deal with the "unintentional squelch" and "zombie projects," and why mom was wrong about always doing your best.

This isn't a theoretical business tome. This is an indispensable guide that should sit on every career-minded person's desk to be referenced regularly. Often contrarian, always passionate, Low-Hanging Fruit has the power to change your career and your organization. 

Tags:

General

Friday Books and Talks 01/30/2015

By wolfgang. 30 January 2015 16:59

How Did That Happen?
by Roger Connors, Tom Smith

The economy crashes, the government misfires, businesses fail, leaders don't lead, managers don't manage, and the people we count on for the results that affect our own performance don't follow through, leaving us asking, "How did that happen?" Surprises caused by a lack of personal accountability plague almost every organization today, from the political arena to every large and small business. How Did That Happen? offers a proven way to eliminate these nasty surprises, gain an unbeatable competitive edge, and enhance performance by holding others accountable in a positive, principled way.

The Definitive Drucker
by Elizabeth Haas Edersheim

For sixteen months before his death, Elizabeth Haas Edersheim was given unprecedented access to Peter Drucker, widely regarded as the father of modern management. At Drucker's request, Edersheim, a respected management thinker in her own right, spoke with him about the development of modern business throughout his life, and how it continues to grow and change at an ever-increasing rate. The Definitive Drucker captures his visionary management concepts, applies them to the key business risks and opportunities of the coming decades, and imparts Drucker's views on current business practices, economic changes, and trends, many of which he first predicted decades ago. It also sheds light onto issues such as why so many leaders fail, the fragility of our economic systems, and the new role of the CEO.


Tags:

General

Friday Books and Talks 01/23/2015

By wolfgang. 23 January 2015 16:15

Drucker on Leadership
by William A. Cohen, Ph.D.

Although Peter Drucker, "The Father of Modern Management," died in 2005, his timeless teachings are studied and practiced by forward-thinking managers worldwide. His lessons and wisdom on the topic of leadership, the central element of management, are in constant demand, yet he wrote little under that actual subject heading. In Drucker on Leadership, William A. Cohen explores Drucker's lost leadership lessons: why they are missing, what they are, why they are important, and how to apply them. As Cohen explains, Drucker was ambivalent about leadership for much of his career, making it clear that leadership was not by itself "good or desirable." While Drucker struggled with the concept of leadership, he was well aware that it had a critical impact on the accomplishment of all projects and human endeavors. There is no book from Drucker specifically dedicated to leadership, but a wealth of information about leadership can be found scattered throughout his 40 books and hundreds of articles. Drucker's teachings about leadership have saved many corporations from failure and helped guide others to outstanding success. Many of the leadership concepts revealed in this book will surprise and perhaps shock Drucker's followers. For example, who would have thought that Peter Drucker taught that "leadership is a marketing job" or that "the best leadership lessons for business or any nonprofit organization come from the military"? Written for anyone who values the insights of the man whose name is synonymous with excellence in management, Drucker on Leadership offers a deeper understanding of what makes an extraordinary leader.

 

Just Listen
by Mark Goulston

The first make-or-break step in persuading anyone to do anything is getting them to hear you out. Whether the person is a harried colleague, a stressed-out client, or an insecure spouse, things will go from bad to worse if you can't break through emotional barricades. Drawing on his experience as a psychiatrist, business consultant, and coach, and backed by the latest scientific research, author Mark Goulston shares simple but powerful techniques readers can use to really get through to people--whether they're coworkers, friends, strangers, or enemies. Getting through is a fine art but a critical one. With the help of this groundbreaking book readers will be able to turn the "impossible" and "unreachable" people in their lives into allies, devoted customers, loyal colleagues, and lifetime friends.

Sitting people down and lecturing them rarely works, because it makes them defensive and when they’re defensive, they hide things from you. Work side by side with them in a cooperative activity, however, and you’ll lower their guard and get them to open up.

Tags:

General

Friday Books and Talks 01/16/2015

By wolfgang. 16 January 2015 06:12

I am revisiting some classic books, investigating ideas about constraint management.

Critical Chain
by Eliyahu M. Goldratt

"Critical Chain," a gripping fast-paced business novel, does for Project Management what Eli Goldratt's other novels have done for Production and Marketing. Dr. Goldratt's books have transformed the thinking and actions of management throughout the world.


by Eliyahu M. Goldratt

Learn more about the powerful techniques first presented in the best-selling business novel, The Goal. In this book, Dr. Goldratt, through examples in a variety of industries, shows how to apply TOC to sales and marketing, inventory control, and production distribution. In addition, techniques in conflict resolution are introduced on both a business and personal level.

Tags:

General | Project Management

Friday Books and Talks 01/09/2015

By wolfgang. 9 January 2015 07:05

Macrowikinomics
by Don Tapscott, Anthony D. Williams

In this follow-up to their 2007 bestseller, Wikinomics, Don Tapscott and Anthony Williams once again use original research to provide new examples of organizations that are successfully embracing the principles of wikinomics to change the world. Find out how in this executive book summary of Macrowikinomics.

 

Judgment on the Front Line
by Chris DeRose, Noel Tichy

Management experts Chris DeRose and Noel M. Tichy explain why frontline employees are so important and why it is crucial to involve them in decision making. Judgment on the Front Line provides a five-step process for building a frontline-focused organization and includes examples of frontline leadership in action.

  • Define a Customer-Based Vision.
  • Develop a Front Line–Focused Culture.
  • Obsess over Talent.
  • Define the Judgment Playing Field.
  • Live on the Line.


Tags:

General

Finding And Using A Mentor

By wolfgang. 3 January 2015 10:30

Forbes posted several good tips on finding and using mentors. I thought I would add my experience from the information security perspective. You can read the original article here: How To Find And Use A Mentor.

"1. Examine yourself. Evaluate your strengths and weaknesses. Make a list of goals and objectives. How will you use a mentor? To find an internship? To help you hone your presentation skills? To advise you on your career path?"

Information security is a broad field with several specialities. Often, the first step of mentoring someone is for us to decide what they even want to learn. Doing the digging and researching what areas are of interest will save time for more hands-on mentorship.

"2. Decide what you want in a mentor. What are the qualities you seek in a mentor? Try to envision the ideal person. Is it Oprah? If so, why? Figure out what characteristics you're looking for, perhaps a particular wealth of knowledge or set of skills."

Information security is a wide community with several specialists. Finding the right person to provide guidance goes a long way. Look for areas where they have researched, worked, or excelled. Match their strengths to your needs.

"3. Cast a wide net. Network. Use social media like LinkedIn. Parents and their pals can prove especially useful. Don't forget professional associations and your schools' career offices."

For our field, make use of Twitter and IRC. Find the person, do your homework (OSINT style), and get an introduction.

"4. Be specific when you reach out. Ask for something specific, like a 20-minute meeting over coffee to learn about the person's career path, or a short desk-side meeting to ask advice about internships. Use these meetings to build rapport before you make requests for more time."

"5. Go after more than one mentor. One person may help you land an internship in your desired field; another may help you see the big picture of your unfolding career."

Rinse and repeat the above steps, filling in the gaps in your knowledge and network. 

"6. Offer something in return. Are you an expert at social networking? Offer your services and ideas generously and frequently."

With information security, it is less about sharing social networking tips and more about building on a body of research. Most of the mentors you will reach out to have an active project list, with little time to explore. By offering to do the work, you help them by progressing the idea while you help yourself by learning.

"7. Be an active protégé. Show enthusiasm for your mentor's help. Express gratitude."

Don't overdo this one. I have had mentees go too far in the other direction, to the point of fawning. The ideal state is to show you are active and engaged, without overwhelming your mentor's inbox.

"8. Follow up. Even after you've landed that internship or job, don't let your communication with your mentor lapse. Keep her apprised of your progress."

It has been said that 80% of success is simply showing up. I believe this. The number one mistake I see from newcomers to the field and from people seeking mentors is that they simply do not show up. Do not have one great conversation and then let the idea go cold. Do not have a great couple weeks and then disappear. Most people do. But you are different. If you want to make it in this field, you have to show up, be steady, and see projects thru to the end.

 


Tags:

General | Team management

Happy New Year 2014

By wolfgang. 1 January 2014 15:19

TLDR: 2013 rocked and 2014 will be even better.

My 2013 resolution was "Read less, do more." Do more, I did. Let’s recap.

Software development. I added new channels to the #incog library and rewrote it as a PowerShell module, which I released at a talk at Source Boston and taught at a workshop at Eastern Michigan University. I contributed to the PowerShell Security or PoshSec project, which I presented on with the project lead, Matt Johnson, and this became one of the most popular talks on the #misec YouTube channel. I also contributed to a variety of side projects with Charles Green of SimplyCubed.

Systems engineering. My DevOps team at Munder Capital architected and designed a new private cloud infrastructure that offers significantly higher performance and security than public cloud, at a lower price point. I presented on both the design and on my team leadership at CIO Symposiums in Grand Rapids and Sioux Falls. I left Munder in August, confident in my team’s ability to execute on the vision. 

Cyber security. I joined VioPoint as the VP of Consulting in August, and I have been building out the security team and the new Security Operations Center. Collaborating with MiSec, we began working on a threat modeling approach. It is a unique model in that it encompasses communication, threat intelligence, mitigating controls, and security exercises. We have since presented this approach at a number of conferences and taught it at a workshop, and are working on a whitepaper.

This brings us to 2014, where my resolution is growth. Growth for my MiSec community. Growth for my VioPoint team. Growth for me, personally and professionally. We have expanded the MiSec monthly meeting space and we will be launching a new conference this summer. I will be adding several more talented folks to my VioPoint team, and expanding our security monitoring and testing services. You can expect to see me engaging more with the security community and being a bit more out in front than I have been in years past. It is time to take it up a notch.

As always, thank you for reading and joining me. Let's roll.

Tags:

General

December 2013 wrap-up

By wolfgang. 27 December 2013 16:09

Quick round-up of things that have been happening:

We competed in the RuCTFe event last weekend. David Schwartzberg from Barracuda has a write-up: Moar Security War Games. "The team of ethical hackers is called MiSec, short for Michigan Security, and were testing their metal against 173 teams spread across the planet. The team captain, Wolfgang Goerlich, asked if I would join the MiSec team to deploy a Barracuda Web Application Firewall (WAF) and Barracuda NG Firewall in front of a highly vulnerable Linux server."

VioPoint continues to grow and we are in the final stages of building a new Security Operations Center. Metromode did a brief piece: VioPoint doubles space and adds jobs in Auburn Hills. "If timing is everything, then the leadership team at VioPoint thinks it has the right ingredients for a significant growth spurt. 'We have the right people and the right services and we're going at the market at the right time,' says Wolfgang Goerlich."

BSides Columbus accepted a talk from Mark Kikta and me: Rapid Fire Threat Modeling. Everyone is talking about threat modeling. But when you get down to it, few are doing threat modeling. The reasons are simple: modeling can be complicated, there is conflicting information, and it is not clear what to do with the finished model. This session presents a pragmatic threat modeling exercise that can be accomplished in an afternoon. We will review how to find sources for threat models, communicating the findings, auditing and assessing the available controls, and driving change within the organization. In sum, this talk presents a practical approach to rapidly getting the most from threat modeling. (January 20, 2014. Columbus, OH)

ConFoo accepted my software development lifecycle talk: SDLC in Hostile Environments. What happens when end-users have the motive, opportunity, and skillset to attack our software? When two hacker conferences hosted a six week capture-the-flag contest, organizers learned first-hand how this impacts the software development life cycle (SDLC). We will discuss wins and losses, successes and failures, and hard lessons learned. (February 24 - February 28, 2014. Montreal, Canada)

Tags:

General

Friday Books and Talks 12/06/2013

By wolfgang. 6 December 2013 18:52

Here are some of the books and talks that I enjoyed this week, in no particular order.

Your Survival Instinct Is Killing You
Retrain Your Brain to Conquer Fear, Make Better Decisions, and Thrive in the 21st Century
by Marc Schoen

"Thanks to technology, we live in a world that’s much more comfortable than ever before. But here’s the paradox: our tolerance for discomfort is at an all-time low. And as we wrestle with a sinking “discomfort threshold,” we increasingly find ourselves at the mercy of our primitive instincts and reactions that can perpetuate disease, dysfunction, and impair performance and decision making."

"Your Survival Is Killing You can transform the way you live. Provocative, eye-opening, and surprisingly practical with its gallery of strategies and ideas, this book will show you how to build up your “instinctual muscles” for successfully managing discomfort while taming your overly reactive Survival Instinct. You will learn that the management of discomfort is the single most important skill for the twenty-first century. This book is, at its heart, a modern guide to survival."

Differentiate or Die
Survival in Our Era of Killer Competition
by Jack Trout

"In today's ultra-competitive world, the average supermarket has 40,000 brand items on its shelves. Car shoppers can wander through the showrooms of over twenty automobile makers. For marketers, differentiating products today is more challenging than at any time in history yet it remains at the heart of successful marketing. More importantly, it remains the key to a company's survival."

"In Differentiate or Die, bestselling author Jack Trout doesn't beat around the bush. He takes marketers to task for taking the easy route too often, employing high-tech razzle-dazzle and sleight of hand when they should be working to discover and market their product's uniquely valuable qualities. He examines successful differentiation initiatives from giants like Dell Computer, Southwest Airlines, and Wal-Mart to smaller success stories like Streit's Matzoh and Connecticut's tiny Trinity College to determine why some marketers succeed at differentiating themselves while others struggle and fail."

 

Why Leaders Eat Last
By Simon Sinek

"In this in-depth talk, ethnographer and leadership expert Simon Sinek reveals the hidden dynamics that inspire leadership and trust. In biological terms, leaders get the first pick of food and other spoils, but at a cost. When danger is present, the group expects the leader to mitigate all threats even at the expense of their personal well-being. Understanding this deep-seated expectation is the key difference between someone who is just an 'authority' versus a true 'leader.'"

Tags:

General

Friday Books and Talks 11/22/2013

By wolfgang. 22 November 2013 18:27

Here are some of the books that I enjoyed this week.

Working Relationships
by Bob Wall

"From C-level executives to front-line supervisors, the research is clear: emotional competencies are more important than training, IQ, and technical experience in determining who succeeds and fails at work. Into this exciting business arena, the revised and expanded edition of Working Relationships takes its rightful place as a classic toolkit for mastering the personal characteristics and social abilities of emotional intelligence (EQ), with new contributions that include two chapters focused exclusively in the power of EQ to influence success regardless of job type, level of education, or scope of responsibility."

Leading So People Will Follow
by Erika Andersen

"Leading So People Will Follow explores the six leadership characteristics that inspire followers to fully support their leaders. Using Erika Andersen’s proven framework, new leaders and veterans alike have increased their capacity for leading in a way that creates loyalty, commitment and results. Step by step, Andersen lays out six key attributes (far-sightedness, passion, courage, wisdom, generosity, and trustworthiness) and gives leaders the tools for developing them. This innovative book offers a practical guide for building the skills to become a truly 'followable' leader."

Tags:

General
