Friday, March 6, 2009

Presentations

I like the IP presentation since it exposed a new side of business to me. I never realized the extent of resources that businesses must invest in order to protect their IP and the types of problems that can surface due to the rise in Web 1.0/2.0 Technologies. The most interesting part of the talk was the discussion surrounding how a cyber squatter was tracked down using publicly available information on the Internet. The story demonstrated, again, how much information is freely available on the Internet, and that the greater population should be knowledgeable that the online world has greatly reduced the ability for people to lead 'private' lifestyles. As a byproduct of the story, I was reminded about www.zillow.com, and I have been heavily using this classic Web 2.0 site to investigate real-estate.

As for the security presentation, I had wished that the presenter had spent more time explaining the true power of the Browser Exploitation Framework (BeEF). This software package truly demonstrates how simple it has now become for any malicious individual to exploit the average web surfer. Not only have traditional businesses moved into the Web 2.0 framework, but malicious individuals have also refocused their attack vectors and tools (BeEF) to take advantage of the Web 2.0 world.

It was also comforting to hear that some of the launch dates for the speaker's websites were delayed due to the security analysis that was performed prior to the launch. It was unfortunate, though, that the testing was done very late in the development lifecycle, which contributed to the delayed launch. This story reiterates to me how important it is for developers to be taught how to develop secure code, and not to think of security as something that is bolted on at the end of the coding phase.

An alternative approach is to provide the security testing tools to the developers so that they can be empowered to run the tools throughout their development process. This approach can help reduce the number of security-related changes that crop up near the end of the development lifecycle.

Both speakers' topics highlighted the importance of the vast quantities of information that are available on the Internet and how it can be used for good and for evil purposes at the same time. The challenge is (1) knowing that the information exists and (2) knowing how to find the information that you need. Both of these challenges can be overcome by networking with the right people – both in the physical and virtual world. My overall takeaway is that each speaker reinforced the need to develop and to maintain connections with a wide variety of people and online communities/groups that can help me through challenges in the physical and virtual world.
