Saturday, May 22, 2010

Recovery.Gov - The First U.S. Government Wide Computing Infrastructure To Move To the Cloud

Track The Money in the Cloud

The U.S. Recovery Accountability and Transparency Board made history in May as the first U.S. government-wide computing infrastructure to move to cloud services.
Recovery.gov is charged with the responsibility for providing 100% transparency with all of those Stimulus Package dollars designated to give a boost to our down economy. A visitor to the site can see where their tax dollars are being spent.

$$BIG Savings$$

By moving Recovery.gov’s web infrastructure to the cloud, the government is saving over $750,000 during its current budgeting cycle, and it’s estimated that even more money will be saved in the future.

Vendors Used

Amazon was selected as the cloud provider for this historic IT project. Amazon’s Elastic Compute Cloud (EC2) will provide much improvement over government-owned systems.

Benefits Gained by the U.S. Government Moving to the Cloud include:

  • Efficient Computer Operations
  • Improved Security
  • Reduced Costs
  • Reallocation of scarce human and technological resources to more vital government IT projects.

Smartronix was the company selected to implement the project.

 “This is the first federal Website infrastructure to be fully hosted and accredited to operate on the Amazon EC2 and was achieved due to the transparent and collaborative working relationship between Team Smartronix and our outstanding government client.” - John Parris, CEO of Smartronix.

What Else is Gained by the Government’s Move to the Cloud?

The main significance of the U.S. government’s move to Amazon’s EC2 cloud services is growth of confidence. U.S. government officials and security experts have questioned the governance and security of cloud services. But civilian use of cloud computing is growing exponentially and is the hottest trend in Information Technology. A recent white paper by Lockheed Martin found that the U.S. government has huge misperceptions about cloud computing and is not comfortable with letting go of managing the physical aspects of its infrastructure.

The Lockheed Martin white paper states the following:

“Widespread lack of awareness and misunderstanding,” as well as “significant trust and governance questions” remain among government officials, who are far less likely than their civilian peers to know about or be using cloud computing software.

To download the full findings of the Lockheed Martin report visit:

Why the Hesitance?

The same Lockheed report found that those in the government who won’t embrace cloud technology are held back by a lack of awareness and by questions about the security and governance of cloud computing, which stifles the government’s usage of the growing technology. The report also found these concerns to be more perceptual than anything else.

I am happy about this milestone for the U.S. government. This move will help those in the government evolve and use cloud resources and technology wisely to provide better service for the citizens of this country. The risk involved with selecting Recovery.gov is mild and could only jeopardize the current administration’s reputation rather than threaten national security or cause financial loss.

Great work, U.S.!


Amazon Helps U.S. Government Move To The Cloud

Cloud Computing is Misunderstood by Government




Tuesday, May 18, 2010

20 Information Security Jobs With Major Swagger

IT Security jobs that have Major Swagger!

The SANS Top 20 Information Security Jobs that are too cool!
  1. Information Security Crime Investigator/Forensics Expert
  2. System, Network, and/or Web Penetration Tester
  3. Forensic Analyst
  4. Incident Responder
  5. Security Architect
  6. Malware Analyst
  7. Network Security Engineer
  8. Security Analyst
  9. Computer Crime Investigator
  10. CISO/ISO or Director of Security
  11. Application Penetration Tester
  12. Security Operations Center Analyst
  13. Prosecutor Specializing in Information Security Crime
  14. Technical Director and Deputy CISO
  15. Intrusion Analyst
  16. Vulnerability Researcher/Exploit Developer
  17. Security Auditor
  18. Security-savvy Software Developer
  19. Security Maven in an Application Developer Organization
  20. Disaster Recovery/Business Continuity Analyst/Manager

Closer analysis of Information Security Job #10:

#10 is the job I currently have, ISO (Information Security Officer), and I must admit that you have a lot of authority to make things happen to mitigate the risks that businesses face. As an ISO you don't have the overall responsibility for the company's security like a Chief Information Security Officer, but you are closer to the action before things are put in place. This allows you to ask lots of questions; properly document, review and test security controls and strategies; or just say no to a business decision around technology that is too risky.

CISO/ISO or Director of Security


"Seems like I can get a lot done with little to no push back"

Job Description
Today's Chief Information Security Officers are no longer defined the way they used to be. While still technologists, today's CISO/ISO's must have business acumen, communication skills, and process-oriented thinking. They need to connect legal, regulatory, and local organizational requirements with risk taking, financial constraints and technological adoption.

Why It's Cool?

  •  "Authority always wins."
  •  "These people get to decide where to build the "watch towers", how many rangers are stationed in the park, where fires can be safely built, and the rules of engagement."

How It Makes a Difference

  • "You have the creative direction to influence and directly contribute to the overall security of an organization. You are the senior security player, the only one whom the CEO will trust."
  • "This position usually reports at a very high level, and gets to see and influence the big picture. You work with physical security, IT, the businesses, even the FBI and other law enforcement agencies."
  • "You are da Boss. You can pick and choose who does what, what gets done, and motivate and then share the credit with your people. You make a real impact on a daily basis."

How to Be Successful

Organizations succeed by taking risks, and they frequently fail because they then don't manage the risk-taking very well. The risks are business risks, and the security team needs to see business constituencies as "customers". The "this is how it's always worked" idea must be discarded. Data-driven decisions, devolving perimeter, any-device thinking, collaboration technologies, virtualization, and mobile data are diametrically opposed to prior thinking. Today's solutions are tomorrow's threat, and global and geopolitical landscape shifts are tightly coupled to intellectual and informational threats.

Experience is often the training ground, and diverse thought along with scenario planning is the requirement for a good outcome. Focus on the business goals: Never forget that this is the basis for security thinking.

For more information visit the SANS.org site:
