Leadership Laboratory

Welcome to the Leadership Laboratory. I'm Stephen Northcutt and like many of you I am an information security manager and leader with an information technology job. At the SANS Technology Institute, we are always striving to become more skilled and knowledgeable in computer security management as well as the people side of the job. The "Leadership Labratory", for you creative spellers, is an informal set of articles and whitepapers, almost a blog, about management, information technology, and the computer security industry. As we learn more, ponder issues and research content for SANS Management 512 Security Leadership Essentials For Managers and the GIAC Security Leadership Certification, we will continue to add to this site. Our hope is for this to be a resource for the community and we would love to hear from you. Feel free to drop us a note at stephen@sans.edu. If you enjoy reading our content, you can get the latest articles by visiting this page or subscribing to our RSS feed:

Click here to subscribe to the Leadership Laboratory Article Feed

Click here to subscribe to the SANS NewsBites Feed


When do you need to hire an HR manager?

By David Weisenfeld and Amanda Walters

Experts agree there is no “magic number” of full-time employees that dictates when a company absolutely, positively must hire an HR manager. But certain employment laws contain specific thresholds for when a company can be subject to liability.

View Article

Leadership Lab: Intellectual Property Series

View this series only

This series of essays can help the IT manager learn how to identify and protect intellectual property and intangible assets.

Valuation of Intellectual Property Case Study - IPWatchdog.com

By Stephen Northcutt

Since 1999 IPWatchdog.com has provided individuals, small businesses and entrepreneurs with information to help them understand all areas of intellectual property and to become better consumers. In fact, IPWatchdog.com leads the charge to inform individual inventors of invention submission scams. Indeed, if you type "invention submission" into Google, Yahoo or MSN, IPWatchdog.com's "The Truth About Invention Submission," a detailed exposé and warning, is the first page that appears in the free rankings.

View Article

Trademark Infringement - The Likelihood of Confusion

By Eugene R. Quinn, Jr.

When the goods produced or services offered by the alleged infringer compete for sales with those of the trademark owner, infringement usually will be found if the marks are sufficiently similar that confusion can be expected. When the goods are related, but not competitive, several other factors are added to the calculus. If the goods are totally unrelated, there can be no infringement because confusion is unlikely. The goal is to protect the consumer, not to protect the trademark.

View Article

What is Intellectual Property

By Stephen Northcutt

Intellectual property is a tangible expression of a human idea that shares many of the characteristics associated with real and personal property. Intellectual property is an asset, and as such it can be bought, sold, licensed, exchanged, or gratuitously given away like any other form of property.

View Article

Creative Commons and Intellectual Property

By Stephen Northcutt

The well known book, The Long Tail, by Chris Anderson, points out how two major perspectives on authorship change the way creators of content feel about copyright.

View Article

What Is a Patent?

By Stephen Northcutt

Patents are tools that grant legal intellectual property protection to inventions: an object, process, or technique that is novel.

View Article

View Archives

Digital Rights Management - Apr 7th, 2007

By: Stephen Northcutt

Digital Rights Management is a broad term encompassing a variety of methods to protect digital media from piracy. Its history and current status involve some interesting facts and legal controversy.

View Article

Trademark and Brand - Apr 7th, 2007

By: Stephen Northcutt

Trademark and brand are two key identifying elements to your organization. They are important enough to carefully develop and protect.

View Article

Trade Secrets - Apr 7th, 2007

By: Stephen Northcutt

Copyrights, patents and marks are all examples of intellectual property that can be registered with governments or the World Intellectual Property Organization. A trade secret, such as know-how and other similar intangible intellectual property, is something you do not register; instead, you protect it.

View Article

The Value of IP - Apr 7th, 2007

By: Stephen Northcutt

The value of your IP directly affects the value of your organization and the amount spent to protect the information. Therefore, knowing how to calculate and determine the IP value is crucial.

View Article

Licensing and Franchising - Apr 3rd, 2007

By: Stephen Northcutt

Licensing and franchising are two ways for an organization to protect valuable Intellectual Property.

View Article

10 Steps to Protect IP - Mar 13th, 2007

By: Stephen Northcutt

The last entry in the SANS intellectual property protection series: the ten steps to protect IP.

View Article

How to Pass the GSLC Exam

By Daryl Gilbertson and Stephen Northcutt

If you invest some time to prepare before starting your MGT512 class, you will be able to follow the material discussed in class better. Additionally, the more you prepare for the GSLC exam, the better you will do on your exam. Here are a few tips that will help you get the most out of your class and exam.

View Article

Audit and Governance

View this series only

This series includes essays on security audit and governance. Tone at the top is a crucial aspect of leadership. However, our primary repository for audit information is the SANS audit blog.

Qualitative vs. Quantitative Risk Assessment

By Stephen Sims

In this article Stephen Sims expounds on the three levels of qualitative risk assessment and how to determine the cost associated with compromise, the likelihood of discoverability, and the difficulty of execution. He introduces a multi-dimensional approach in areas of assessing vulnerability.

View Article

Case Study: The Role of IT in Operational Risk

By Stephen Northcutt

CEO Bill Jones was tired; two days and long nights of damage control were taking their toll. "We aren't saying never, but we don't want to acquire your business in its current state. It looks like you have a double whammy," he explained. "You had a security failure through which your intellectual property was exposed, and your IT operations department needs to be completely retooled. We have no way of knowing whether you can get better as an organization or not. Most importantly, you have lost your leading position in the industry. Long term, it makes business sense for us to have an operation like yours in house. If you can turn things around, please give us a call." The merger that looked like a sure thing was in shambles.

View Article

Applied Intelligence Analysis of Networks

By Richard Porter

Concepts of operation can sometimes be problematic when technologists get caught up in the technology. Richard Porter utilizes an Information Operations concept, OODA, to build an action model for network traffic analysis to provide better Quality of Service to traffic.

View Article

The case for outsourcing Log Analysis

By Stephen Northcutt

I recently saw a press release indicating that SecureWorks has added a managed log retention service in partnership with an industry-leading log management solution provider LogLogic(R), to provide enterprises with comprehensive log aggregation, retention, searching and reporting. This is interesting: four or five years ago there were only a few log management vendors, LogLogic being one of them, and today there are a dozen, but I had not thought of this as a service.

View Article

The Auditor and the PMBOK: Re-examining the Audit Process

By James Tarala

In most studies that one would read espousing one particular view of the audit process or another, there are varying degrees of similarity between the processes. Many organizations and writers have developed processes that they believe information assurance auditors should follow when performing a formal audit of an organization's information assets. Whether it is the process defined by industry groups or by the various universities publishing their standards, there are certain similarities that one will find.

View Article

SANS Technology Institute - Risk Appetite Statement

By Stephen Northcutt

The SANS Technology Institute accepts an element of risk in almost every activity it undertakes, and risk appetite can be determined by answering the question: “How willing is STI to accept risk related to key initiatives, business and educational drivers?” This essay uses a five-point scale to rank risk appetite.

View Article

SANS Technology Institute Self-Study Working Group: Planning and Governance

View this series only

We at SANS Technology Institute (STI) are in the self-study phase of evaluation by Middle States Commission on Higher Education (MSCHE) for accreditation: the self-study process itself is an integral part of earning accreditation and a great opportunity to strengthen the college through a comprehensive assessment. A major component of this self-study is the working groups within STI who perform research on all of our processes and policies.

Research Question - What is an A3

By Stephen Northcutt

The Planning and Governance Self-Study working group has a set of research questions that guide its actions. Here, we look at a primary element of governance, the A3.

View Article

Pandemic Watch 2010

By Stephen Northcutt

The H1N1 pandemic is no longer a worldwide threat. We are watching the "Superbug" and H1N5, but they are not very contagious. The content is tailored to infosec and disaster recovery professionals who may need to brief senior management. In the Northern hemisphere the primary focus should be preparing work-from-home capability for the 2010/2011 season and the standard winter flu.

View Article

Application: SANS Workplace Revitalization Scholarship Program

By Stephen Northcutt & SANS Institute

The SANS Workplace Revitalization Scholarship Program is designed to help employed workers who were formerly technical but have moved into middle management positions and now want to regain their technical edge. Apply before August 31, 2010 to receive heavily discounted training and GIAC exams focusing on digital forensics.

View Article

SANS Mentor of the Year

View this series only

The SANS Mentor program is an innovative approach to training for information security professionals - one description is specialist assisted self-study. SANS recognizes the unique aspects of this training and wants to give special recognition to Mentors that put the extra effort into making sure their students have the best training possible.

Introducing SANS 2010 Mentor of the Year, Zoher Anis

By Stephen Northcutt

The SANS Mentor program is an innovative approach to training for information security professionals - one description is specialist assisted self-study. SANS recognizes the unique aspects of this training and wants to give special recognition to Mentors that put the extra effort into making sure their students have the best training possible. Chris is one of those very special people with talent and a willingness to share their knowledge.

View Article

Chris Crowley, SANS 2010 Mentor of the Year

By Stephen Northcutt

The SANS Mentor program is an innovative approach to training for information security professionals - one description is specialist assisted self-study. SANS recognizes the unique aspects of this training and wants to give special recognition to Mentors that put the extra effort into making sure their students have the best training possible. Chris is one of those very special people with talent and a willingness to share their knowledge.

View Article

Leadership Lab: STI Degree Candidates' Leadership Essays

View this series only

SANS Technology Institute's mission is to develop the leaders of the future for the information security industry. One of our admission requirements is that an applicant complete an essay describing leadership qualities they have demonstrated in the past.

SANS Technology Institute's Admission Essay on Leadership

By Stephen Northcutt

Stephen Northcutt explores the leadership essay requirement for students applying to The SANS Technology Institute and why STI posts those essays on its Leadership Laboratory.

View Article

Stress Management in the Workplace Identification and Coping Mechanisms

By Eric Jodoin

The aim of this paper is to provide insight that will help the reader further improve his/her management competencies in managing stress in the workplace.

View Article

Leadership Essay SANS Technology Institute

By Vince Fitzpatrick

Vince has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay discusses the importance of vision as a leadership quality. A good leader must have a vision, possess the ability to communicate that vision, and have the determination to make that vision a reality.

View Article

Leadership Essay SANS Technology Institute

By Erik Couture

Erik has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes leadership in military communications.

View Article

Leadership Essay SANS Technology Institute

By Kevin Fuller

Kevin Fuller has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes his experiences in “technical” leadership.

View Article

View Archives

Leadership Essay SANS Technology Institute - May 23rd, 2009

By: Enoch Laudie

Enoch has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes several ways he provides leadership and education to the public about computer security issues.

View Article

Leadership Essay SANS Technology Institute - Feb 17th, 2009

By: Algis Kibirkstis

Algis has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes the qualities of a leader that are developed and demonstrated based on the working environments to which one is exposed. He provides an example of his own experience in the telephony industry.

View Article

Leadership Essay SANS Technology Institute - May 23rd, 2009

By: Trenton Bond

Trenton has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes the value of the following leadership attributes: team building, persistence, and positive attitude.

View Article

Leadership Essay SANS Technology Institute - Jul 24th, 2008

By: Mark Baggett

Mark has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes the following: If a leader can inspire individuals to believe in the idea or cause, then individuals will take action even if it is inconvenient.

View Article

Leadership Essay SANS Technology Institute - May 13th, 2008

By: Tim Proffitt

Tim has been accepted as a candidate for the Master of Science Degree in Information Security Management. His essay describes his experiences in creating the first technology security department for his employer.

View Article

Leadership Essay SANS Technology Institute - Apr 16th, 2008

By: Brian Nolan

Brian has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes the leadership qualities he values the most and how he has used them to lead his team in an information security services practice.

View Article

Leadership Essay SANS Technology Institute - Aug 27th, 2008

By: Jim Horwath

Jim has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes strong leadership in a time of need that saved the disaster recovery drill from becoming a disaster.

View Article

Leadership Essay SANS Technology Institute - Feb 22nd, 2008

By: Gregory D. Farnham

Gregory Farnham has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes two leadership components: Vision and "Making your own Luck."

View Article

Leadership Essay SANS Technology Institute - Feb 8th, 2008

By: Emilio Valente

Emilio has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes leadership in his family life.

View Article

Leadership Essay SANS Technology Institute - Dec 7th, 2007

By: Jim Beechey

Jim Beechey has been accepted as a candidate for the Master of Science Degree in Information Security Engineering. His essay describes three leadership qualities: focusing on fixing the problem rather than placing blame; developing others without fear; and, collaborative decision making.

View Article

Leadership Essay SANS Technology Institute - Sep 14th, 2007

By: Robert S. Turner

Robert Turner has been accepted as a candidate for the Master of Science Degree in Information Security Engineering; his essay describes his experiences in leadership.

View Article

Leading to Patch Management - Jun 27th, 2007

By: Brad Ruppert

Brad has been accepted as a candidate for the Master of Science Degree in Information Security Management; this leadership essay describes his experience in developing a successful patch management strategy.

View Article

Leadership in Consulting - Jun 8th, 2007

By: Rob VandenBrink

Rob VandenBrink has been accepted as a candidate for the MSISE degree at STI; his essay describes leadership in consulting.

View Article

Leading from the Front - May 4th, 2007

By: Dwayne Edwards

Dwayne Edwards has been accepted as a candidate for the Master of Science Degree in Information Security Engineering; his leadership essay describes his experience in leading from the front.

View Article

Leading Through Mentoring and Coaching - Jan 10th, 2007

By: Kevin Bong

Kevin has been accepted as a candidate for the Master of Science Degree in Information Security Engineering; this leadership essay describes his experiences in leadership through mentoring, coaching and building teams.

View Article

SANS Technology Institute Leadership Essay - Dec 26th, 2006

By: John Hally

SANS Technology Institute's mission is to develop the leaders of the future for the information security industry. One of our admission requirements is that an applicant complete an essay describing leadership qualities they have demonstrated in the past. John Hally has been accepted as a candidate for the Master's Degree at STI - he submitted this essay as part of his application.

View Article

MGT512: SANS Security Leadership Essentials for Managers - Courseware Talking Points

By Stephen Northcutt

For students that take MGT512 at a live event (conference or onsite), we are continuing to update the in-class daily review questions and share those with GIAC. New practice and exam questions are being developed to match the in-class talking points. These are constantly being updated, so you might want to check back about 30 days before taking the exam.

View Article

GSLC Certification Objectives and Fairway Markers

By Stephen Northcutt

The GSLC certification is based on the course, SANS Security Leadership Essentials for Managers (MGT512). Objectives posted here are valid as of May 2009. If you pay attention in class, know the knowledge elements on the test objectives and talking points, and do well on the practice exams, you should be able to pass the exam.

View Article (PDF)

Wisdom and Leadership

View this series only

This series of papers collects wisdom from leaders in the IT and IT Security Fields. If you are interested in contributing, please drop us a note.

Pearls of Wisdom from LinkedIn

By Stephen Northcutt

I am in a group on leadership on LinkedIn, and people were posting pearls of wisdom. I thought making a collection would be a nice touch to preserve this for all time.

View Article

Eight Critical Success Actions for Information Security

By Alberto Partida

How can information security be a business enabler? Currently the interaction of the business with information security can be a painful and expensive process. This creates frustration, both for the business and also for the information security professionals. If we aim for a different result, then we have to act differently. This article suggests eight actions for information security leaders to implement in order to improve both this situation and their daily working experience.

View Article

The 12 Laws of IT Security Power, a Keynote Presentation

By Stephen Northcutt

Slides and notes from Stephen Northcutt's keynote presentation on the "12 Laws of IT Security Power".

View Article

Leadership Lab: Interviews with SANS Technology Institute College Graduates

View this series only

A series of interviews with SANS Technology Institute College graduates.

Interview with Russell Meyer, Third Graduate of SANS Technology Institute

By Stephen Northcutt

Russell Meyer is the third graduate of the SANS Technology Institute, a post graduate information security college. Stephen Northcutt had an interview with Russell to get more of his story about the experience of earning his degree from STI.

View Article

Interview with T. Brian Granier, Second Graduate of SANS Technology Institute

By Stephen Northcutt

T. Brian Granier is the second graduate of the SANS Technology Institute, a post graduate information security college. Stephen Northcutt had an interview with Brian to get more of his story about the experience of earning his degree from STI.

View Article

Interview with Richard Hammer, First Graduate of SANS Technology Institute

By Stephen Northcutt

Richard Hammer is the first graduate of the SANS Technology Institute, a post graduate information security college. Stephen Northcutt spoke with Richard to get more of his story about the experience of earning his degree from STI.

View Article

The Role of the Student's Outcome Statement at SANS Technology Institute

By Stephen Northcutt

There are many and varied reasons for a student to apply to graduate school. If you are accepted, you can expect to make a sizable investment in time, energy and money to complete the program. To protect you, and to remain true to our mission statement, the admissions office asks you to complete an Outcome Statement as part of the admissions process.

View Article

What are the characteristics of a professional security technical writer?

By Stephen Northcutt

How do you learn to be a technical writer? There are many programs, but the short answer is that you have to write, a lot, and your work needs to be reviewed by someone qualified to review technical security material.

View Article

Leadership Lab: Information Technology and the Law

View this series only

This series of essays explores the many aspects of technology law relating to computer and information security.

Assembly Bill (AB) 779 Suffers from Sloppy Draftsmanship

By Benjamin Wright, JD

Confusing language in California's AB779, which has gone to the Governor for signature, forbids merchants from retaining certain payment data. It smacks of a legislature precisely dictating technology. When a legislature dictates technology, it risks misunderstanding. It stifles innovation, and raises problems as technology evolves.

View Article

Network Neutrality

By Stephen Northcutt

What is the role of the information security leader with respect to Network Neutrality? There is big money riding on this that could affect the operational cost of network access for your organization or company.

View Article

The Dangers of Too Much Data Privacy

By Philip Alexander

Data privacy is a real hot topic nowadays. Thirty-six states plus Washington D.C. have passed data privacy laws requiring that companies notify consumers if their personal data has been stolen. The issue is that a certain amount of data sharing is important.

View Article

Can Cyber Criminals Consent to Being Watched and Foiled?

By Benjamin Wright, J.D.

Computer crime laws protect our use of the Internet, but they also raise issues for security professionals trying to thwart cybercriminals. Benjamin Wright, J.D., examines how decisions regarding consent and criminal law can be applied to efforts to stop botnets and phishers.

View Article

Data Thefts - Give the Public the Disclosure It Seeks

By Benjamin Wright, JD

Lawyers advising an enterprise suffering a data security breach tend to have a circle-the-wagons mentality. They go on the defensive. They fear that lawsuits and government investigations will force their client to pay damages and fines. So they advise the client to clam up and say the least possible about the incident. But this defensiveness can make matters worse.

View Article

View Archives

New Merchant Liability for Losing Credit Card Data - Jun 14th, 2007

By: Benjamin Wright, JD

The Minnesota Legislature has shaken up the ecosystem in the credit card industry. It has enacted legislation that shifts the rules and risks associated with the protection of credit card data. Benjamin Wright, JD examines why the new law gives Minnesota merchants a bit less incentive to accept credit cards as payment.

View Article

ChoicePoint Marked New Era in Data Security Law - May 31st, 2007

By: Benjamin Wright, J.D.

Remember how ChoicePoint suffered dearly for its 2005 security break-in? Benjamin Wright, J.D. examines their experience, the varied legal responses from California and many other states, and what enterprises should be doing to better protect private data.

View Article

The Hard Realities of IT Outsourcing

By Stephen Northcutt

Outsourcing is driven by five principal concerns: to lower cost, increase speed of growth, focus on core competency, stay compliant with government regulations, and compensate for the difficulty of recruiting and maintaining specialized hot skills talent in a world of increasing IT compensation.

View Article

IT Security Industry Changes

By Stephen Northcutt

Over the past six years, SANS Technology Institute's Stephen Northcutt has been gathering data and stories from security managers in more than 100 US organizations, searching for patterns in the job changes of security managers and the consultants who support them. The research was triggered by multiple emails from security managers who were facing reorganizations. His conclusions, albeit preliminary, paint a worrisome picture of job prospects for ill-equipped security managers, but also offer the promise of some opportunities for success and advancement.

View Article

Leadership and Evacuation

By Stephen Northcutt

Evacuations have saved thousands of lives in incidents ranging from small building fires to massive regional disasters. For many personnel security threats, facility evacuation is effective. In addition, for regional disasters, personnel evacuation is the important first step for families to reconvene and evacuate to another region. Leaders are responsible for ensuring that procedures for evacuation are prepared and practiced; and coordination with Human Resources, Business Continuity and Disaster Recovery Planning, and Executive management should be tested and refined.

View Article

An Interview with Dr. Eric Cole

By Stephen Northcutt

Most study disciplines define a Common Body of Knowledge (CBOK). In Information Security the ISC2 was the first group to do so and their definition is widely held in information security. GIAC has funded a research project with Dr. Eric Cole as a principal investigator to conduct research into the CBOK and make the results freely available to the community.

View Article

Remain as Independent Contractor or Return to Employment Status

By Michael Solomon

Every year I re-evaluate my employment status in an effort to validate my decision to go independent as an IT security consultant. The idea is to recognize any changes in my environment that would indicate that I am no longer on the "right" side of the fence. I know "the grass is always greener on the other side", so I will try to be objective.

View Article

How to Choose the Right Master of Science in Information Security College Program

By Stephen Northcutt

An advanced degree can propel your information security career forward by increasing the respect you command and equipping you with the knowledge to be a leader in your field. However, many of the programs offered lack the basic foundation and reputation to help with either. A number of these programs have come to my attention because they are teaching pirated materials from SANS courses, especially Incident Handling and Hacker Techniques, Security 504, and we find them when they post SANS copyrighted study materials on the web. If a professor lacks the skill to develop their own course material, they probably lack the skill to really prepare students to be leaders in the field of information security. Yet hundreds of students sign up for substandard education every year. This article offers simple tips to help choose the right program for you.

View Article