SANS Technology Institute: Security Musings

Welcome to the Security Musings on sans.edu. I'm Stephen Northcutt and like many of you I am a manager and leader with an information technology job. At the SANS Technology Institute, we are always striving to become more skilled and knowledgeable in computer security as well as the people side of the job. These security musings are an informal set of articles, book reviews and whitepapers, almost a blog, about security, information technology, and the computer security industry. As we learn more, ponder issues and research content for SANS Management 512, Security Leadership Essentials and the GIAC Security Certification, we will continue to add to this site. Our hope is for this to be a resource for the community and we would love to hear from you. Feel free to drop us a note at stephen@sans.edu.

Information Security Travel Guide

Stephen Northcutt, an Information Security Researcher, United Airlines 1k, Writer and Instructor, documents the struggles of the travel and hospitality industries as we all face rapidly increasing energy costs. He and his peers share their travel experiences and give you quick tips and short reviews of the companies they do business with as they travel. If you came across this article because of a Google search, what you want is probably here; just use find with your browser (CTRL - F), which is easier than reading from top to bottom. However, you may get some useful tips if you stick around and read. Each major cluster of trips is documented in a separate file.

United Airlines News - Updated September 2nd, 2010

By Stephen Northcutt

Stephen Northcutt, a United 1k traveler, collects pertinent news and blog items about airlines, especially United Airlines. We will keep you up to date on news, problems and other stories related to airline travel. Might even toss in a personal experience or two.

View Article

United 1K News Archive - July 16th, 2010

By Stephen Northcutt

Older postings about United Airlines

View Article

Information Security Travel Guide Edition 17 - Updated September 2nd, 2010

By Stephen Northcutt
Version 1.9

In this edition of the information security travel guide, Stephen and Kathy will head to Richmond Virginia and then to San Diego for SANS Security West 2010 with a return to Kauai. Then back to Richmond for the Chicago concert, up to Baltimore and a trip to Palm Springs after SANSFIRE 2010, back to Kauai for a couple of weeks, then on to Seattle, Boston, Richmond, Branson, Pittsburg, Dayton, Seattle, Virginia Beach and more. We will talk about the latest airline add-on fees, the impact of an improving economy putting more people in airports, the restaurants and hotels that we meet and, of course, a bit about information security.

View Article

Information Security Tour Guide Edition 16 - Updated April 27th, 2010

By Stephen Northcutt

Thank you for joining us; this edition will cover Kauai, Richmond Virginia, Germany, Orlando Florida, Jamaica and the airports and airlines required to get from one point to the other. Finally we spend a couple of weeks on Kauai.

View Article

Things to See, Do, Absorb on Kauai - Updated July 19th, 2010

By Stephen and Kathy Northcutt
Version 1.1

A personalized guide for special things to do on Kauai, from residents Stephen and Kathy Northcutt. Many of the best things to do in the Hawaiian islands are for free, and when you visit Kauai, we would love to have you enjoy this lovely island as much as we do. We offer you our take on great places to drive, hike, swim, eat, and kick back.

View Article

Information Security Travel Guide Edition 15 - Stephen Northcutt - Updated February 23rd, 2010

By Stephen Northcutt

In edition 15 of the information security tour guide we begin in Poipu Kauai; we will be attending the HICSS conference, then off island to New Orleans for SANS Security East 2010, and then on to Curacao and back to Richmond VA, and finally back to Kauai. We will document the hotels and restaurants we visit. We will also detail the struggles of travel after the Nigerian Islamic terrorist, Umar Farouk Abdulmutallab, tried to blow up a plane headed for Detroit on Christmas day. We will talk about information security, food, and similar things as well.

View Article

Information Security Travel Guide: Tips for Traveling - Updated November 22nd, 2009

By Stephen Northcutt
Version 1.3

One of the readers of the SANS Information Security Travel Guide asked me to put all the travel tips in one place, so here is a consolidation of tips from my travel experiences and research.

View Article

Excellent Conference Hotels

SANS is always looking for the best in conference hotels - Stephen Northcutt describes some of them.

The Hyatt Manchester is my favorite San Diego conference hotel - August 8th, 2009

By Stephen Northcutt

San Diego is blessed with many great hotels that can support a meeting, but the Hyatt Grand Manchester is my favorite.

View Article

What hotel should I choose in New Orleans - Updated July 13th, 2010

By Stephen Northcutt

The Sheraton is a world class hotel in the perfect location to enjoy yourself in the French Quarter of New Orleans.

View Article

The Marriott Wardman Park is my favorite Washington DC conference hotel - Updated August 8th, 2009

By Stephen Northcutt

If you are running a conference event in Washington DC, and you do not need the downtown convention center, consider Northwest DC and, in particular, the Wardman Park Marriott Hotel. Stephen Northcutt of the SANS Technology Institute looks at three conference hotels in Northwest DC from the event planner's perspective.

View Article

SANS Insider Guide to Boston

This is a fact-filled introduction to one of the greatest cities in the U.S. as we look forward to returning this year for SANS Boston 2010. By the way, some of the facts are pure fiction, especially any references to base 16; hope you do not mind, and this should not be used as a primary source.

Insider's Guide to Touring Boston - May 26th, 2010

By Stephen Northcutt

I think Boston is best visited on foot, but there are other options: a world class mass transit system, tourist trolleys, and buses. I haven't found a rickshaw yet, but will keep looking.

View Article

Insider's Guide to SANS Boston 2010 - May 4th, 2010

By Stephen Northcutt
Version 3.3

SANS Boston 2010, August 2 - 8, 2010, is one of my favorite conferences. If you are going to visit Boston, July to September is the season you want to target, but I think August is the best month to visit: the weather is nice, the flowers are blooming, people seem happy (that changes a bit from November to March). The conference is held at the Hyatt Regency Boston, a wonderful hotel, downtown just a block from Boston Common, the first American park, and Chinatown.

View Article

SANS Boston Insider's Guide Fun Facts - Updated June 2nd, 2010

By Stephen Northcutt
Version 1.4

Some of the information given is tongue in cheek, especially anything that is base 16, but if you invest ten minutes reading this, you will know a lot about Boston that is only available from an insider. This way you can impress the locals and you will have more appreciation for this great city.

View Article

SANS Boston Haiku Contest - May 3rd, 2010

By Stephen Northcutt

SANS Boston is sponsoring a haiku contest on twitter. Judge is Craig Duerr, and the Judge's word will be final. In honor of the conference location just outside Chinatown, the prize is a Kung Fu Iron Fan and a framed Honorary GIAC Certified Fan Expert certificate. Amaze your friends, be the first on your block, in fact, the only one on your block to have one.

View Article

Grading the SANS Boston Haiku Contest - May 22nd, 2010

By Craig Duerr

The Haiku contest was a little more complex than it should have been, so grading it was a bit of a chore. Craig Duerr, an honorary GIAC Certified Haiku Master (GCHM), created a script to do the heavy lifting. The process and script can be found on this page.

View Article

SANS Insider's Guide to Boston Movies, Books and Songs - May 3rd, 2010

By Stephen Northcutt

Boston and its residents are showcased in many ways; it has been the subject of and background for many movies, books and songs, and there are many well-known characters that have Boston as their home.

View Article

SANS Boston Insider's Guide to Restaurants - Updated May 4th, 2010

By Stephen Northcutt
Version 1.1

What's not to like - a look at the many possibilities for a great meal (or two) in Boston.

View Article

Insider's Guide to Boston's Social Media - May 3rd, 2010

By Stephen Northcutt

A description of social media links to learn more about Boston including cool organizations and news, sports, interesting businesses, job-search sites, and thought leaders.

View Article

Information Security Travel Guide Archive

Collected Information Security Travel Guides by Stephen Northcutt, from July 2008 through December 2009. He traveled a lot, taught some great students, had a range of culinary experiences, and enjoyed sharing his experiences.

Information Security Travel Guide Edition 14 - Stephen Northcutt - Updated December 10th, 2009

By Stephen Northcutt

Stephen and Kathy Northcutt, your faithful infosec tour guides, will be headed for a college business meeting in Bethesda Maryland, down to Richmond VA, off to London for SANS London 09, back to Richmond, then up to Washington DC for our Cyber Defense Initiative conference. Along the way we will talk about the joys and difficulties of travel since the Great Recession has caused so many amenities to be removed; we will also mention the restaurants and hotels we visit, maybe throw in a recipe or two; and, of course, a security tip here and there. At least, that is the plan for Edition 14 of the Information Security Tour Guide.

View Article

Information Security Travel Guide Edition 13 - Stephen Northcutt - Updated November 21st, 2009

By Stephen Northcutt

Stephen and Kathy Northcutt, your faithful security travel guides, will leave Kauai for New York City and a tour of Israel. We will talk about prepping to go, flying ultralights on Kauai with Big Sky Kauai, getting our new HP Minis set up; we will cover the places we go, what we learn, and any food we get to eat, and, of course, find a way to mention security along the way!

View Article

Information Security Travel Guide Edition 12 - Stephen Northcutt - Updated October 5th, 2009

By Stephen Northcutt

We will talk about security, safety, travel experience, and of course, restaurants. In this edition, Stephen documents his travels, beginning home on Kauai in preparation for a trip to Boston, Greece, VA Beach and SANS Network Security 2009 in San Diego. We end with a trip to the Navy lab where it all started, NSWC Dahlgren.

View Article

Information Security Travel Guide Edition 11 - Updated July 25th, 2009

By Stephen Northcutt

Stephen Northcutt, your infosec travel guide, begins edition 11 on Kauai. His next travels are Richmond VA/San Antonio TX for an onsite, then a couple weeks on Kauai and off to Baltimore MD for #sansfire09. And then down to Southern Florida for the sfissa.org conference. Finally after a week on Kauai, he is off to Denver, Tokyo, and back to San Antonio. Along the way, he will try to share about information security, a bit about the potential pandemic and any travel news that comes his way.

View Article

Information Security Travel Guide Edition 10 - Stephen Northcutt - Updated April 28th, 2009

By Stephen Northcutt
Version 1.12

Stephen Northcutt, your Security Tour Guide, is preparing for his next trip; it will include a log management conference in Washington DC, some family time in Richmond VA, teaching at the Tysons Corner conference, and then off to San Francisco for RSA 2009, before returning to Kauai.

View Article

Information Security Travel Guide Edition 9, Kauai to Frederick MD, Phoenix AZ, and back to Kauai - Updated March 31st, 2009

By Stephen Northcutt
Version 1.4

I'm gearing up for travel to Fort Detrick near Frederick Maryland to teach Management 512 SANS Security Leadership Essentials. A big focus of the trip will be to prepare them for their 8570 GIAC GSLC exams. From there I'll head to Phoenix Arizona for a SANS conference. This edition will cover information security topics, travel tips, a word or two about restaurants and musings on life in general. Also, if you have time, please take a look at my United Airlines blog as well.

View Article

Information Security Travel Guide: February-March 2009, Kauai to Orlando, FL - Updated March 10th, 2009

By Stephen Northcutt
Version 1.3

Stephen is preparing to go to Orlando for SANS2009, but he gets a chance to be home on Kauai for a few days before flying and take a look at what's happening in the world of information security, Facebook Google ad scams, and current affairs.

View Article

Information Security Travel Guide: January - February 2009, Kauai to Las Vegas NV, Richmond VA, Toronto ONT, and San Diego CA - Updated February 18th, 2009

By Stephen Northcutt
Version 1.5

Stephen spent some time at home on Kauai during the holidays before their current trip to SANS Security West 2009 in Las Vegas. He was able to visit with family as well as catch up on recent information security news blogs and alerts.

View Article

Information Security Travel Guide: November - December 2008, Kauai to Italy, Washington DC and Richmond VA - Updated December 27th, 2008

By Stephen Northcutt
Version 1.4

Stephen spent some time before their trip to Italy, London and beyond, to get caught up on all the latest information security courses, blogs and alerts, and he shares some recent trends in the airline industry that are important to frequent and casual travelers alike. And then, they are off and running in Italy, discovering historical sites, wonderful food, and breathtaking art; Stephen also has some great travel tips to share about getting around in Italy.

View Article

Information Security Travel Guide: October 2008, Kauai to Monterey CA and Richmond VA - Updated November 11th, 2008

By Stephen Northcutt
Version 1.4

A two week trip to Monterey, CA and Richmond, VA has commenced for this instructor, and there are a lot of stories to discuss about information security, travel, airlines, and the hospitality industry.

View Article

Information Security Travel Guide: October 2008, Kauai to Houston - Updated October 22nd, 2008

By Stephen Northcutt

Stephen spends some time before his trip to Houston to offer some findings from his internet searches on airlines, travel experiences and information security. Then, safely booked at a hotel in the Galleria area, he shares some of the ups and downs of running a small MGT512 class at the Hilton Garden Inn, Galleria area.

View Article

Information Security Travel Guide: September 2008, Kauai to Las Vegas - Updated October 8th, 2008

By Stephen Northcutt

We will talk about security, safety, travel experience, and of course, restaurants. In this edition, Stephen documents his travels, beginning home on Kauai in preparation for a trip to Las Vegas and SANS Network Security 2008.

View Article

Information Security Travel Guide: August-September 2008, Boston, Richmond, Virginia Beach, Chicago, Branson - Updated September 23rd, 2008

By Stephen Northcutt
Version 1.4

In this edition, Stephen documents his travels, including Boston, Fredericksburg Virginia, Virginia Beach, Richmond Virginia, Chicago, Branson MO and Chesterfield Virginia, including restaurants and products encountered. Lots of people say they want to travel; Kathy and Stephen are living the dream, working their way with writing and teaching across this nation and the world.

View Article

Information Security Travel Guide: July 2008, Quantico, Atlanta and Washington DC - Updated October 23rd, 2008

By Stephen Northcutt
Version 1.2

A three week trip to Quantico, VA, Atlanta, GA, and Washington, D.C. provides this instructor with a wide range of travel and hospitality experiences. Hopefully you can glean some useful tips in this travel diary from a very frequent flier.

View Article

Ethics in Information Security - November 6th, 2008

By Stephen Northcutt

This is a response to an article by David Mortman that was posted on Search Security. Before I go any further, I want to state that I agree with David more than I disagree with him; however, Search Security needs to do more fact checking. I felt his earlier article also suffered from opinion over fact and contacted him to try to share information.

View Article

Laptop Security - March 20th, 2008

By Ted Demopoulos and Stephen Northcutt

If there is one area of information security we need to make progress on, it is laptop security. They are small, easily sold, and valuable, and criminals are starting to understand the data they hold can be worth far more than the laptop itself. Here are some practical tips on physical security for laptops.

View Article

Musings: Press Releases

This series will include press releases from The SANS Institute covering computer, network, and information security training.

Press Release: Management 512 Security Leadership Essentials for Managers now NIST SP800 Compliant - January 30th, 2008

By Stephen Northcutt

SANS announces computer security management training is now NIST SP800 compliant. SANS Security Leadership Essentials For Managers is now incorporating guidance from NIST Special Publications in the 800 series.

View Article

Press Release: MAC OSX now supported in SEC508 (Systems Forensics, Investigation and Response) - September 1st, 2007

By Rob Lee

Rob Lee announced today, "I am pleased to announce that my course now supports a student who wishes to bring an Intel Based MAC to the course. I performed a final live test with it this past week here in VA Beach with several students using an Intel Based MAC in the course."

View Article

Press Release: GIAC program change to all proctored exams - August 31st, 2007

By Stephen Northcutt

As GIAC moves forward with the ANSI 17024 accreditation process, all GIAC certification exams will be administered in a proctored environment. Administering all certification exams in a proctored environment will raise the credibility of the GIAC program and the certifications that individuals hold.

View Article

Press Release - SANS Partner Series Oct 15-19 SEC504: Hacker Techniques - August 31st, 2007

By Stephen Northcutt

SANS Partners with the State of Texas to teach Hacker Techniques, Exploits and Incident Handling Training at a substantial reduction in cost, October 15-19, 2007; SANS Partnership program is open to States, Law Enforcement, or Educational Institutions. What is particularly unique about this course offering is the pricing: SANS Partnership Series is an important way of delivering essential information security training at significant savings. The price for the upcoming class in Texas is $1150, about 1/3 of SANS regular pricing. You are eligible for this price if you are an employee of a state or local agency, a member of law enforcement at the state or local level, or a faculty or staff member from an accredited educational institution.

View Article

New Orleans and SANS Security 2008 - November 22nd, 2007

By Stephen Northcutt

The good news is SANS is going back to New Orleans, January 12 - 18 for SANS Security 2008. Let's take a look at what makes New Orleans one of the most unique cities in the United States and a great place to attend a conference.

View Article

Does GIAC need to create a HIPAA Certification? - October 31st, 2007

By GIAC Advisory Board

Recently, Stephen Northcutt was contacted by a former employee of HIPAA Academy telling him that GIAC needed to create a HIPAA certification. It seemed like a lot of work, but GIAC would be willing to do it if the world needed it. To get clarification, he asked the GIAC Advisory Board (students that score 90 or above on their exams are invited, and they are a pretty smart bunch of folks). Here are their thoughts.

View Article

GIAC Status Report October 2007 - September 19th, 2007

By Stephen Northcutt

As the Global Information Assurance Certification series enters its eighth year of operations and tenth year of development, I have been asked to update an article I wrote several years ago about GIAC. If someone told me in 1998 that one day I would run one of the most advanced technical security certification programs in the world, I would have laughed in their face. I had been given the offer several times, but flatly refused it because it sounded like a whole lot of work.

View Article

Is Civil Disobedience Ethical? - September 4th, 2007

By Stephen Northcutt

The current Hawaii Superferry controversy brings up important questions about the ethics of civil disobedience. Many of us are in fields that are governed by a code of ethics or conduct. Let me encourage you to take a minute and take stock of your own life and point of view. Under what circumstances might you participate in civil disobedience, under what circumstances might you withdraw?

View Article

Musings on Branding - Learning Tree - August 7th, 2007

By Stephen Northcutt

Stephen Northcutt examines the marketing materials created by Learning Tree in comparison to SANS branded materials, and he concludes, "...this package was their ambassador and it did not move me. In the same way, our web page and our brochure are our ambassadors. We need to make them as good as we can."

View Article

Is Tech Target deliberately misleading with respect to Information Security Certification? - July 30th, 2007

By Stephen Northcutt

Stephen Northcutt of The SANS Technology Institute examines the premises and conclusions set forth by Robert Westervelt in a recent blog regarding current security certifications available to IT professionals.

View Article

Review of FISMA Certification and Accreditation Handbook by Laura Taylor - May 8th, 2007

By Stephen Northcutt

Laura Taylor's FISMA Certification and Accreditation Handbook is reviewed by Stephen Northcutt. The bottom line from Stephen: this book is complete, comprehensive, and accurate. He could not find one single example of the obtuse writing that tends to show up in the NIST and other government documents, and he believes that the book gives you a real path through the Federal certification and accreditation maze.

View Article

Is Wikipedia Appropriate for College Citations? - February 21st, 2007

By Stephen Northcutt

CT News Update lead headline story begins: Vermont's Middlebury College has banned the use of the online encyclopedia Wikipedia as an acceptable source of academic information for students, United Press International reported.

View Article

Introducing: Podcasts from PaulDotCom Security Weekly - January 22nd, 2007

By Stephen Northcutt

On January 12, we released an article titled CERT is doing podcasts? While doing the research for this article, we came across PaulDotCom Security Weekly, a weekly computer security podcast, or pre-recorded Internet radio show, that focuses on security news, vulnerabilities, research, and hacking. We find the show and cast very interesting.

View Article

Book Review - The 21 Irrefutable Laws of Leadership, by John Maxwell - January 1st, 2007

By Stephen Northcutt

Leadership books remind me of cooking: there are a finite number of common ingredients that make up the majority of dishes, but there seems to be an infinite number of ways to combine and present these ingredients.

View Article
