The firewall: Interview with blogger Daniel Kennedy

The long view of security strategies for your network.

Daniel Kennedy, MSIA, graduated from the Master of Science in Information Assurance program in the School of Graduate Studies of Norwich University in 2008. He has recently become a contributor to an interesting, thoughtful and valuable blog at Forbes Online and I interviewed him recently about his new project. This is the first of a two-part interview.

* * *

What prompted you to create join the Forbes security blog?

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Daniel Kennedy, MSIA, graduated from the Master of Science in Information Assurance program in the School of Graduate Studies of Norwich University in 2008. He has recently become a contributor to an interesting, thoughtful and valuable blog at Forbes Online and I interviewed him recently about his new project. This is the first of a two-part interview.

* * *

What prompted you to create join the Forbes security blog?

Becoming a contributor for Forbes Online was born out of creating the blog PraetorianPrefect last year. On that blog, we (myself and two partners) wanted to create content that would tell a more in-depth and technical story than most blogs, as well as to go after some sacred cows in the information security space, because that was the type of blog we enjoyed and where we sit professionally at Praetorian Security Group (creating an intersection between extremely technically oriented research and the management consulting practices of information security).

I received the Forbes invitation following a nomination for Security Blog of the Year at the RSA Conference for PraetorianPrefect, after which a Forbes writer became a regular reader of our blog.

The Forbes Firewall content is largely meant to be, in the words of the editor Andrew Greenberg, short, smart, and not overly technical. My goal is to relate current stories in information security to the everyday challenges facing people in companies, universities, and government agencies. 'Why did this event occur?' and 'What might have prevented or mitigated its negative effects?' are the types of questions I intend to provide some analysis on for reader thought and discussion.

Whom are you writing for (what’s your intended audience)?

We are writing primarily for security and IT executives and practitioners, but we want to be useful to anyone who wants to develop a greater understanding of the issues faced in information security. For example, the recent scareware article is written in a style that can appeal to family members of Firewall's readers to help protect non-technical people from these scams. I hope it gets forwarded around a bit by Firewall readers.

In general, I hope the content will be useful to people with differing areas of expertise.

What would you like readers to be able to do – or to do better – after they read your columns?

I'd really like them to ask more questions about what's happening around them. Before they hire a vendor, demand answers as to how personal data is protected. Before installing a specialty vendor product, ask about the last time it underwent a security test and to see the results. I want readers to understand that security breaches are serious events and require professional evaluation of what has happened, both from a due care standpoint as well as a regulatory one.

Basically, I hope the blog can help to reduce the number of people treating information security concerns as an afterthought and who minimize its importance. The gap between those who have their act together and those who do not is an enormous chasm.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.