Enterprise Security organizations often find themselves caught between the ever-changing needs of the agile business, and the ever-present, ever-evolving threats to that business. At the same time – all too often we security professionals get caught up in “shiny object syndrome” which leads us to spend poorly, allocate resources unwisely, and generally de-couple from the organization we’re chartered to defend. Knowing how to defend begins with knowing what you’ll be defending, why it is worth defending, and who you’ll be defending from… and therein lies the trick. This blog takes the issue of enterprise security head-on, challenging outdated thinking and bringing a pragmatic, business-aligned, beyond the tools perspective … so follow the Wh1t3 Rabbit and remember that tools alone don’t solve problems, strategic thinkers are the key.
Rafal (Principal, Strategic Security Services)
This issue was resolved in record time, thank you to Michelle Gorel from AVNET Corp. Communications for making things right in absolutely record-time, on a Saturday night. I can only wish everyone who struggles with plagiarism the same type of experience as I had. Read the last update at the end.
It's been said before that imitation is the most sincere form of flattery.
Then why do I feel so violated, after finding out that Bennett Bayer (otherwise known as @MobilityPath) of AVNET Technology Solutions has blatantly stolen (at least one) blog post I've written here on Following the Wh1t3 Rabbit and posted it on his company's blog as if he wrote it?
A few colleagues alerted me to the fact that my blog, amongst claims of many others, was directly copied without attribution. I'm a big proponent of fair use - but in information security we've had a major problem lately with people stealing content and calling it their own - this is yet another example.
Let me point you to a blog post I put up on October 3rd, 2011 about the difficulties of measuring IT Security performance (here: http://h30499.www3.hp.com/t5/Following-the-White-Rabbit-A/The-Difficulty-of-Measuring-the-Performance-of-Information/ba-p/5351915) and you can compare that with Bennett's blog post on October 8th, 2011 ...(right here: http://blogging.avnet.com/ts/advantage/2011/10/measuring-the-performance-of-information-security/ ).
Busted, Bennett, stealing content. You should be ashamed of yourself.
This wouldn't be so bad if he had said something like "Original posted on Following the Wh1t3 Rabbit, an HP blog by Rafal Los, here <link>" ... but instead he decided to put his name on it as if he wrote the post, and put it on his company's blog. I don't know about the place you folks work - but if I was stealing other companies' content and calling it my own on my company's blog ...I'd likely face disciplinary action ...let's hope AVNET has a strict policy against intellectual property theft.
So far, the AvnetComms Twitter account reached out to me to tell me they were investigating... Since they are a large professional organization I will give them the benefit of the doubt that the right people are being contacted, and the situation is being rectified as quickly as possible. I will update this blog post as I hear back, or as the situation is resolved - however it comes to an end.
Update: 1:41pm Central Time 12/3/2011
Apparently, the folks over at AVNET take this seriously, as Bennett's entire blog appears to be pulled. Well done, however, I (and the rest of the security community) are still waiting for a formal acknowledgement of what happened, and what AVNET will do to prevent this in the future.
Update: 6:15pm Central Time 12/3/2011
...Apparently AVNET has removed Bennett Bayer completely from their blogging platform. Long-overdue reforms, apparently. I knew they would handle this swiftly, and appropriately.
Well done, AVNET staff.
I'm sure this is not yet the end of this saga... but we're well on our way to getting past this.
Update: 7:24pm Central Time 12/3/2011
Simply, in a word - wow. Michelle Gorel contacted me to let me know that the issue has been resolved. I know some of you that I was speaking with on Twitter over this topic were saying not to hold my breath for an apology, full resolution - I'm really excited to report you were wrong. I know that some of you struggle with having your hard work copied and someone else's name on it ...don't despair. Report it, the community is behind you.
Update: 4:58pm Central Time 12/4/2011
I just received an update and multiple confirmations of a public apology being posted on AVNET's landing page ( https://twitter.com/#!/MichelleGorel/status/143464306636365824 ) ...link here: http://blogging.avnet.com/ts/advantage/2011/12/avnet-advantage-blog-content-ownership/
Every organization lets bloggers and their employees have a certain amount of freedom, I know I enjoy freedom from editorial review as well ...so when we report plagiarism (as blatant as it may sometimes be) it's really the response that matters most. I don't know that I have heard of a faster, more sincere response than I've gotten from the folks over at AVNET. It's clearly a world-class shop, with people like Michelle keeping everyone honest. Thanks for making it right.