J Wolfgang Goerlich's thoughts on Information Security
Friday Books and Talks 05/29/2015

By wolfgang. 29 May 2015 07:12

The Reinventors
by Jason Jennings

For most businesses, success is fleeting. There are only two real choices: stick with the status quo until things inevitably decline, or continuously change to stay vital. But how? Bestselling leadership and management guru Jason Jennings and his researchers screened 22,000 companies around the world that had been cited as great examples of reinvention. They selected the best, verified their success, interviewed their leaders, and learned how they pursue never-ending radical change. The fresh insights they discovered became Jennings's "reinvention rules" for any business.

The Power Presenter
by Jerry Weissman

Jerry Weissman is the presentations coach to Microsoft, Cisco Systems, and many of America's top executives, including founding Yahoo CEO Tim Koogle, Intuit founder Scott Cook, Netflix founder and CEO Reed Hastings, and many others. Now America's top coach reveals the same powerful strategies he teaches to CEOs in expensive private sessions. Learn why your body language and voice are more important than your words, how to present with poise and confidence naturally, and how to connect with any audience emotionally. Filled with illustrative case studies of Barack Obama, Ronald Reagan, George W. Bush, John F. Kennedy, and many others, The Power Presenter will bring out the best in anyone who has to stand and deliver.

by Sophie Scott
Did you know that you're 30 times more likely to laugh if you're with somebody else than if you're alone? Cognitive neuroscientist Sophie Scott shares this and other surprising facts about laughter in this fast-paced, action-packed and, yes, hilarious dash through the science of the topic.

InfoSec Institute: IT Thought Leader Interview

By wolfgang. 27 May 2015 13:31

J. Wolfgang Goerlich is an influential leader and IT management executive with the ability to act as a cultural change agent, driving security initiatives and raising security postures. He currently works as a Cyber Security Strategist for Creative Breakthrough Inc (CBI) and has been in the industry for over 20 years. Areas of expertise include managing culture, ITGRC, security community and mentorship, application security and team leadership.

1. Early this year, you took the position of cyber security strategist at CBI. What exactly does this position entail?

As a security strategist at CBI, my role is connecting people and ideas to develop strategies for improving cyber security. I work with the senior leadership at CBI’s customers to understand their business strategy and collaborate on plans for aligning and maturing their security activities. Within CBI, I provide technical leadership and expertise toward our service lines and vendor partnerships. On select engagements, I work directly with the consulting team to deliver impactful results to our customers.

Another aspect of my position, which I find rewarding, is leading the CBI Academy. I have been mentoring and coaching professionals in my local community for years, so leading the Academy was a natural fit. We often hear CISOs talk about the lack of security talent for staffing their teams. At the same time, we often hear students talk of the difficulty in identifying and gaining the in-demand skills. With CBI Academy, we bridge the gap with an apprenticeship program that accelerates the careers of recent university graduates.

Read the rest at:

http://resources.infosecinstitute.com/interview-j-wolfgang-goerlich-cyber-security-strategist-for-creative-breakthrough/

Tags:

General

Wired: DevOps isn't a job, but it is still important

By wolfgang. 22 May 2015 07:10

"Traditionally, companies have at least two main technical teams. There are the programmers, who code the software that the company sells, or that its employees use internally. And then there are the information technology operations staff, who handle everything from installing network gear to maintaining the servers that run those programmers’ code. The two teams only communicate when it’s time for the operations team to install a new version of the programmers’ software, or when things go wrong. That’s the way it was at Munder Capital Management when J. Wolfgang Goerlich joined the Midwestern financial services company in 2005."

Read the rest at: http://www.wired.com/2015/05/devops-isnt-job-still-important/

Tags:

Team management

Phone phreaking visits Apple Pay's authentication

By wolfgang. 18 May 2015 08:43

There is a new attack on Apple Pay involving an old phreak tactic. Read about it here:

Has Your Phone Number Been Stolen? Another Apple Pay Fraud Hits the Nation
https://www.mainstreet.com/article/has-your-phone-number-been-stolen-another-apple-pay-fraud-hits-the-nation

The fraud works by knowing the mobile carrier and number the target uses for device identification, contacting the carrier to port the number to a phone the criminal has, then using the number to authenticate and add the criminal’s device to the victim’s Apple Pay account. Illegally porting telephone numbers has been around for some time. Criminals are re-using the old technique to subvert Apple Pay’s device authentication mechanism. 

What can consumers do to protect themselves? First, use a telephone number that is not well known for device authentication. Many people use their home landline phone number, which is often easy to discover. Second, inquire with the carrier about their policies around authorizing porting and notifying customers. Third, keep a close eye on Apple Pay for unfamiliar devices.

The way banks can protect consumers is as old as the tactic of stealing phone numbers. It comes down to account monitoring and fraud detection. Today's behavioral analytics are as adept at spotting misused credit cards as they are at spotting misused accounts linked to Apple Pay. Banks and other financial institutions must review their anti-fraud programs to ensure they apply to emerging payment processes like Apple Pay.
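One monitoring rule of the kind described above, as an added example that is not part of the original post: flag a wallet device enrollment when the phone number used to verify it was ported shortly beforehand. It assumes the issuer can see both number-port notices and device enrollments; the event types, field names, and the seven-day window are hypothetical, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real data); field names are hypothetical.
EVENTS = [
    {"ts": "2015-05-10T09:00:00", "type": "number_ported",
     "account": "A-1001", "phone": "+15555550101"},
    {"ts": "2015-05-10T11:30:00", "type": "wallet_device_added",
     "account": "A-1001", "device": "dev-new-7", "verified_via": "+15555550101"},
    # Enrollment with no port on record: normal activity.
    {"ts": "2015-05-11T08:00:00", "type": "wallet_device_added",
     "account": "A-2002", "device": "dev-22", "verified_via": "+15555550202"},
    # Port followed by an enrollment six weeks later: outside the window.
    {"ts": "2015-04-01T08:00:00", "type": "number_ported",
     "account": "A-3003", "phone": "+15555550303"},
    {"ts": "2015-05-12T08:00:00", "type": "wallet_device_added",
     "account": "A-3003", "device": "dev-33", "verified_via": "+15555550303"},
]


def flag_post_port_enrollments(events, window=timedelta(days=7)):
    """Return enrollments verified by a number ported within `window` before them."""
    last_port = {}  # phone number -> time of its most recent port
    alerts = []
    # Process in time order so only earlier ports are considered.
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "number_ported":
            last_port[ev["phone"]] = ts
        elif ev["type"] == "wallet_device_added":
            ported = last_port.get(ev["verified_via"])
            if ported is not None and ts - ported <= window:
                alerts.append({
                    "account": ev["account"],
                    "device": ev["device"],
                    "hours_since_port": (ts - ported).total_seconds() / 3600,
                })
    return alerts


if __name__ == "__main__":
    for alert in flag_post_port_enrollments(EVENTS):
        print("review enrollment:", alert)
```

An alert here is a prompt for review or step-up verification through a channel other than the ported number, not proof of fraud, since customers also port numbers legitimately.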

All in all, this is an example of an old tactic being applied to a new payment processing system. When developing new systems, it always pays to consider how previous attacks might apply.

Tags:

Risk Management | Threat modeling

Starbucks gift card fraud

By wolfgang. 15 May 2015 12:42

Starbucks is in the news as criminals abuse its online services through fraudulent gift card purchases. On the surface, the issue appears to be about consumers’ passwords and the poor practices around their use. There is more to the story, however, and I would argue two deeper concerns are the real issue. The first is in how emerging payment systems are monitored and secured. The second is in how online services are developed and maintained. 

Read the rest at: http://content.cbihome.com/blog/starbucks_giftcard_fraud

Tags:

Application Security | Risk Management

Friday Books and Talks 05/15/2015

By wolfgang. 15 May 2015 07:36

Reviving Work Ethic: A Leader's Guide to Ending Entitlement and Restoring Pride in the Emerging Workforce
by Eric Chester (Author)

For frustrated managers and leaders, a guide to instilling a strong work ethic in the modern workforce. Work ethic in America is fast declining, plaguing young and old alike. But in Reviving Work Ethic, Eric Chester shows that you do best to focus on your young employees--those whose habits and ideals can still be influenced. He presents an incisive look at the root of the entitlement mentality that afflicts many in the emerging workforce and shows readers the specific actions they can take to give their employees a deep commitment to performing excellent work.

And his advice is crucial to a healthy bottom line: too often, talented-but-difficult-to-understand younger workers stand between your company and its profits. If business owners, managers, and executives are not connecting with them and modeling the key components of work ethic, employees are likely not connecting effectively with customers--leaving all kinds of money on the table.

Reviving Work Ethic is the culmination of years of research as well as presentations to over two million youth. Chester's experience shows in his confident analysis of the seven

Friday Books and Talks 05/08/2015

By wolfgang. 8 May 2015 10:23

The Spider's Strategy
by Amit Mukherjee

To thrive in a world where networks of companies increasingly compete with other networks, managers can no longer focus solely on excellence in planning and execution. In The Spider’s Strategy, top business consultant Amit S. Mukherjee provides the tools you need to sense and respond to unexpected events. He shows how and why managers in your company must apply his four powerful “Design Principles” today.

The Well-Timed Strategy
by Peter Navarro

It’s not enough to understand the business cycle and the industry cycle. In The Well-Timed Strategy, Peter Navarro discusses today’s unprecedented level of macroeconomic turbulence – from oil price hikes to drought and disease. Whether an executive, a strategist or an investor, Navarro provides the tools to align every facet of business strategy, tactics and operations to reflect changing business conditions. Keeping in mind finance, supply chains, production, marketing, HR and more, the author outlines ways to profit from the chaos of business cycle volatility by implementing the appropriate strategy.

Tags:

General
