Posts Tagged ‘identity management’

It’s been 13 years since I last authored a book so to avoid any comparisons to J. D. Salinger, known for his virtual disappearance from the publishing scene after releasing his most famous work (people often get us confused), I dipped a toe in the book business again in at least a small way …

If you’ve ever tried studying for the CISSP (Certified Information Systems Security Professional) exam, often referred to as the “gold standard” of professional certs for the IT security industry, you’ve probably run across the Information Security Management Handbook. Now in its 6th edition, this collection of essays covering the 10 domains of what is referred to as the CBK (Common Body of Knowledge) is updated annually with new chapters on issues relevant to practitioners.

This year’s update (Volume 7) includes 27 new chapters, including my $0.02’s worth (maybe less) on Identity and Access Management (a.k.a. IAM) architecture. I adapted this from a presentation that the publisher saw me give at InfoSec World 2012 and hope you find it useful.

It’s an honor to have my words alongside those from some of the true leaders of the industry, many of whom are probably now scanning the table of contents and wondering how I slipped in.  🙂



Here’s the video stream (with slides) of the keynote address I gave at last month’s OOP 2013 conference in Munich on the subject of Social Media threats and how they relate to key Identity Management issues involving authentication.

OOP 2013 Keynote - Munich, 22 Jan 2013



In case anyone is interested, I’ll be doing three presentations at the upcoming InfoSec World 2013 conference in Orlando, FL, April 15-17.

This will be the 8th year that I’ve presented at the conference dating all the way back to my first appearance in 1999. The folks at MIS Training Institute that run this event always do a great job so I’m looking forward to yet another interesting event where I’ll, hopefully, get to meet some of you and hear about the latest hacking techniques from the other presenters.

I’ll be presenting the following topics, which you can read about in the conference brochure.

  • “Creating an End-to-End Identity Management Architecture”
  • “Federated Identity Management”
  • “How Secure Are We? Identity Management and Social Networking Threats”

By the way, the brochure lists different speakers for the first session above, but I’ve been asked to fill in for the original cast.

Hope to see you there!




Posted: October 30, 2012 in Uncategorized

I will be presenting at the Object Oriented Programming 2013 conference in Munich on January 22 on the subject of Social Media security and privacy threats and Identity Management. Here’s the link to the event’s web site (click on the British flag in the top right corner for English):



In preparation for the conference, I also did an interview with Matthias Bohlen, which introduces the topic and gives a taste of what I will be covering in the talk. The podcast can be downloaded for free from iTunes at:




Hope you find it interesting and if you’re going to be in Munich at that time, please stop by the session and say “hi.”

Actually the conference is in Scottsdale but Glen Campbell probably wouldn’t think that has quite the same ring to it, hence the poetic license.

Anyway, I’ll be presenting on the topic of “Creating an End-to-End Identity Management Architecture” at the IT Audit & Controls Conference on Oct 31, 2012. You can click on the graphic below to view logistics and the detailed agenda. Hope to see you there…

For those of you in the London area (or those who would like to be), I’ll be presenting on the topic of social media security threats with a focus on identity management aspects at Data Management and Information Quality Conference Europe 2012 on 7 November. Please look me up if you are planning to attend.


I’ll be presenting at InfoSec World 2012 in Orlando, which runs April 2-4. My talk will be on the first day at 1:30 on the subject of “Creating an End-to-End Identity Management Architecture” and will cover the following:

• A holistic view of the various components that comprise an enterprise-wide identity and access management infrastructure
• The appropriate role of directories, metadirectories and virtual directories – what they reasonably can and cannot do
• The elements of an automated account provisioning/de-provisioning system
• How role management can help you get a better handle on identities
• Lessons learned and best practices of identity management

I’ve attended and presented at this conference numerous times over the past decade and have always found it to be one of the best of its kind. If you can make it down to Orlando, please stop by and say “hi.”

Welcome to Inside Internet Security — the blog. I qualify it that way since it is named after a book I wrote about a dozen years ago which, in a sense, served as the launch pad for what has been an amazing personal journey through the intricacies of IT security in the age of the Internet.

It seems somehow appropriate to commence this new (for me) means of outreach through social media with an exploration of some of the security risks inherent in this format. So in that spirit, I offer up a link to a keynote talk I did in September of 2011 at the New York Institute of Technology’s Cyber Security Conference for your consideration in hopes that it will provoke some thinking on the topic.

In this talk I discuss some of the vulnerabilities in the social networking format as well as cite examples of real world attacks and compromises that have occurred on Facebook and LinkedIn along with some discussion of the weaknesses that exist in current authentication technologies such as passwords and biometrics. (There were some technical difficulties with the audio at the start but it smooths out soon.)

Enjoy …

NYIT Cyber Security Conference: How Secure Are We? Identity Management and Social Networking Threats