Archive

Archive for the ‘Press’ Category

Don’t Hassle the Hoff: Recent Press & Podcast Coverage & Upcoming Speaking Engagements

February 19th, 2010 No comments

Here is some of the recent coverage from the last couple of months or so on topics relevant to content on my blog, presentations and speaking engagements.  No particular order or priority and I haven’t kept a good record, unfortunately.

Important Stuff I’m Working On:

Press/Technology & Security eZines/Website/Blog Coverage/Meaningful Links:

Recent Speaking Engagements/Confirmed to  speak at the following upcoming events:

  • Govt Solutions Forum Feb 1-2 (panel |n DC)
  • Govt Solutions Forum Feb 24 D.C.
  • ESAF, San Francisco, March 1
  • Cloud Security Alliance Summit, San Francisco, March 1
  • RSA Security Conference March 1-5 San Francisco
  • Microsoft Bluehat Buenos Aires, Argentina – March 16-19th
  • ISSA General Assembly, Belgium
  • Infosec.be, Belgium
  • Codegate, South Korea, April 7-8
  • SOURCE Boston, April 21-23
  • Shot the Sherrif – Brazil – May 17th
  • Gluecon , Denver, May 26/27
  • FIRST, Miami, FL,  June 13-18
  • SANS DC – August 19th-20th

Conferences I am tentatively attending, trying to attend and/or working on logistics for speaking:

  • InterOp April 25-29 Vegas
  • Cisco Live – June 27th – July 1st Vegas
  • Blackhat 2010 – July 24-29 Vegas
  • Defcon
  • Notacon

Oh, let us not forget these top honors (buahahaha!)

  • Top 10 Sexy InfoSec Geeks (link)
  • The ThreatPost “All Decade Interview Team” (link)
  • ‘Cloud Hero’ and ‘Best Cloud Presentation’ – 2009 Cloudies Awards (link), and
  • 2010 RSA Social Security Bloggers Award nomination (link) ;)

[I often get a bunch of guff as to why I make these lists: ego, horn-tooting, self-aggrandizement. I wish I thought I were that important. ;) The real reason is that it helps me keep track of useful stuff focused not only on my participation, but that of the rest of the blogosphere.]

/Hoff

Don’t Hassle the Hoff: Recent Press & Podcast Coverage & Upcoming Speaking Engagements

October 26th, 2009 1 comment

Microphone

Here is some of the recent coverage from the last month or so on topics relevant to content on my blog, presentations and speaking engagements.  No particular order or priority and I haven’t kept a good record, unfortunately.

Press/Technology & Security eZines/Website/Blog Coverage/Meaningful Links:

Podcasts/Webcasts/Video:

Recent Speaking Engagements/Confirmed to  speak at the following upcoming events:

  • Enterprise Architecture Conference, D.C.
  • Intel Security Summit 2009, Hillsboro OR
  • SecTor 2009, Toronto CA
  • EMC Innovation Forum, Franklin MA
  • NY Technology Forum, NY, NY
  • Microsoft Bluehat v9, Redmond WA
  • Office of the Comptroller & Currency, San Antonio TX
  • Intercloud Working Group, GooglePlex CA ;)
  • CSC Leading Edge Forum, VA
  • DojoCon, VA

I also forgot to thank Eric Siebert for putting together the VMware Top 20 blog list and putting me on it as well as the fact that Rational Survivability made the Datamation 2009 Top 200 Tech Blogs list.

/Hoff

On the Overcast Podcast with Geva Perry and James Urquhart

March 13th, 2009 No comments

Overcastlogo
Geva and James were kind (foolish?) enough to invite me onto their Overcast podcast today:

In this podcast we talk to Christopher Hoff, renowned information security expert, and especially security in the context of virtualization and cloud computing. Chris is the author of the Rational Survivability blog, and can be followed as @Beaker on Twitter.
Show Notes:

    • Chris talks about some of the myths and misconceptions about security in the cloud. He addresses the claim that Cloud Providers Are Better At Securing Your Data Than You Are and the benefits and shortcomings of security in the cloud.
    • We talk about Chris's Taxonomy of Cloud Computing (excuse me, model of cloud computing)
    • Chris goes through some specific challenges and solutions for PCI-compliance in the cloud
    • Chris examines some of the security issues associated with multi-tenant architecture and virtualization
Check it out here.

/Hoff 

Don’t Hassle the Hoff: Recent Press & Podcast Coverage & Upcoming Speaking Engagements

February 2nd, 2009 No comments

Microphone

Here is some of the recent coverage from the last couple of months on topics relevant to content on my blog, presentations and speaking engagements.  No particular order or priority.

Press/Technology & Security eZines:

Website/Blog Coverage/Meaningful Links:

I should note that many of my cloud computing writing is being republished over at the SYSCON Cloud Computing Journal with a self-branded mini-site: ChristoferHoff.Sys-Con.com

Podcasts/Webcasts/Video:

I am confirmed to  speak at the following upcoming events:

  • Source Boston  - Boston, MA – March 11-13
  • TechTarget Threat Management Decisions Summit – New York, NY – March 26
  • Americas Growth Capital InfoSec Conference (keynote) – San Francisco, CA, April 20
  • RSA 2009 (multiple sessions) – San Francisco, CA, April 21-24
  • Virtualization Congress – Las Vegas, NV, May 4-7
  • (there are others being sorted at the moment

I should/will be attending the following events:

  • Shmoocon
  • Cloud Computing Expo   

/Hoff

Don’t Hassle the Hoff: Recent Press & Podcast Coverage & Upcoming Speaking Engagements

August 28th, 2008 No comments

Here is some of the recent press coverage on topics relevant to content on my blog:
Microphone

  • Information Week: Virtualization Has A Security Blind Spot
  • Information Week: Securing Virtualization, or is that Virtualizing Security?
  • Network World: Black Hat speakers expose virtualization, OS security gaps (**NOTE: Please see here, VERY important)
  • Network World/Computerworld: Black Hat spotlights virtualization, DNS issues (**NOTE: Please see here, VERY important)
  • SearchSecurity (Australia): Could securing virtualised environments destroy ROI?
  • SearchSecurity: Initial virtualization costs could outweigh benefits
  • Computer Zeitung: Today’s Security Products Aren’t Ready For Virtualised Data Centres
  • Wall Street Journal: Hackers On the Move
  • Baseline: Managing Mobility In the Enterprise
  • ITWorld: Pros and Cons of VMware’s New Security Guide

Podcasts/Webcasts/Video:

I am confirmed to  speak at the following upcoming events:

I will be attending the following events:

/Hoff

From the “Sucks To Be Me” Department…

August 11th, 2008 7 comments

4horsemen_blackhat
Based upon feedback from attendees at Blackhat, my talk, "The Four Horsemen of the
Virtualization Security Apocalypse," went over well and I really had a lot of
fun delivering it. It’s had a TON of coverage.

Despite the positive feedback from folks, it seems the foreboding narrative of the apocalypse has carried over into the real world due to a rather unfortunate journalistic misinterpretation of the facts.

It’s only fair to state that I have been critical in the past of others in our line of work who have complained of their inability to control the output of their direct interviews with the press and analysts as misquotes and misunderstandings arise.

Perhaps this is a little karmic payback for my outspokenness, as after my talk at Blackhat, I have now enjoyed the fruits of journalistic distortion firsthand.  It’s important to note that this was not the result of a direct interview, but rather the inaccurate reporting of a reporter sitting in the audience of my talk.  I was never contacted with questions or asked for clarification or review.

Many of the points I made in my presentation were reflected upon poorly and my perspective butchered, but one specific item is causing me some serious grief in a professional capacity.  It cast a rather crappy pall on the rest of my Blackhat and Defcon experience (more on that later.)

One of the "Four Horsemen" which represents a critical issue in virtualization security is that of the hidden costs involved in virtualizing security.  The point I made, and the language I used to consistently describe it multiple times appears below:
Fh_costmore

To be perfectly clear, what I obviously said was that "virtualizing security will not save you money, it will cost you more."

What Ellen Messmer reported in her Network World article was that I said "Virtualization will not save you money, it will cost you more.”

Now, this may not seem like much of a difference, but it’s a profoundly impacting dissimilarity.

It’s a dangerous rephrase that has now caused significant pain for me that I’m going to have to deal with once I return from vacation.  It’s been picked up and re-printed/adapted so many times without validation that I can’t keep count any longer.

You see, I work as the security architect for the division of a company who is maniacally focused on designing, deploying and supporting heavily-virtualized realtime infrastructure for our customers.  One of the (obvious) value propositions of virtualization/RTI is cost savings/reduction/avoidance which I specifically referenced during my presentation as a well-established fact and reasonable motivation for virtualization.

You can probably imagine the surprise of folks when they read Ellen’s article which is written in a way that directly contradicts our corporate messaging and the value proposition offered to our clients.  It reflects rather poorly on me and my company.

And just to be clear, my scorn was not directed at the "network industry" or the "virtualization industry" as reported in the article; the context of my entire talk was the security industry, a point sorely missed.

This article reads like the output result of a bad game of "telephone."

I intend to contact Ellen Messmer and ask for a retraction as well as corrections of multiple other mistakes in the article, but as we all know, there’s no real retraction on the Internet.  All I can offer is my presentation, the video recording of it and the recollection of the 500+ others that were in the audience when I presented (including numerous other reporters.) 

The only other thing left to do is to sheepishly admit that despite the fact that this was not an interview that I or anyone else could control or influence for correctness, Joanna Rutkowska was essentially correct in her assertion during our last debate that you cannot control the press, despite best efforts. 

Even though I’ve never had a problem of this degree in the almost 15 years of doing this sort of thing, I humbly submit to her on that point.

/Hoff

Categories: Press, Speaking Engagements Tags:

Don’t Hassle the Hoff: Recent Press & Podcast Coverage & Upcoming Speaking Engagements

June 5th, 2008 12 comments

Microphone
Here are some of the recent press coverage on topics relevant to content on my blog:

Podcasts/Webcasts:

I am confirmed to  speak at the following upcoming events:

/Hoff

Categories: Press, Speaking Engagements Tags:

Don’t Hassle the Hoff: Upcoming Speaking Engagements

March 5th, 2008 No comments

Microphone
Hey y’all.  Here’s some of my upcoming planned speaking engagements.  If you’re in town or going to any of the conferences, look me up:

  • SourceBoston: Boston MA, March 12th, 2008*
  • SecureWorld Expo: Boston MA, March 26th, 2008
  • RSA Security 08: San Francisco CA, April 7-11
  • Troopers08: Munich, Germany, April 23-24, 2008
  • Financial Information Security Decisions, NY NY, June 19-20th
  • IT Security World: San Francisco CA, September 15-17*

Hope to see you there.  I’m sure there will be others between April and June.

* Rich Mogull and I will be co-presenting at these events.

Categories: Press, Speaking Engagements Tags:

The Best Defense is Often, Well, The Best Defense…

February 6th, 2008 No comments

Hoffpats
As it goes in football, so it goes in life…

I delivered the closing presentation of the InfoWorld Executive Virtualization Forum in San Francisco on Monday.  The title of my presentation, which I will upload soon, was "
  Addressing Security Concerns in Virtual Environments."

The conference was a good mix of panels and presentations giving some excellent perspective to senior-level managers and executives on virtualization and its impact.

The night before was obviously the Super Bowl and InfoWorld hosted a get-together complete with beer, snacks and a big screen for us to watch the Big Game.  Most of the InfoWorld staff are out of the MA area, so except for a few Giants fans, it was a room packed with Pats fanatics. 

Ultimately, sad, depressed, and shocked Pats fanatics…

So the next day after having to listen to the fantastic keynote from David Reilly, Head of Technology Infrastructure Services, Credit Suisse — an Irishman who grew up in England and now lives in New York — bleat on about "his beloved Giants," I thought it only appropriate that I take one last stab at regaining my pride.

So, when it was my turn to speak, I slipped a borrowed Randy Moss jersey over my silk shirt and took the stage to stares of bewilderment and confusion.

I explained my costume and expressed my disappointment with the team’s performance in one fell swoop:

You may be wondering why I’m up here presenting in my beloved Patriot’s uniform.  Well, this *is* a security presentation, so I thought I could give you no more spectacular illustration of what happens when you fail to execute on a defensive strategy than this (pointing to the jersey.)

Further, I find it completely amusing and apropos to be standing here in a virtualization conference talking about security *last* in the order of things because that’s exactly the problem I want to talk about…

The crowd seemed to enjoy those couple of opening shots and the rest went quite well — I try to make stabs at involving the audience.  I always gauge the success of a show by how many people come up and talk to me at the podium and afterwards.  By all accounts, it rocked since I spent the next 45 minutes talking to the 30+ folks that engaged me between the podium and the beer stand.

Adrian Lane was kind enough to blog about my performance here…

I very much enjoyed the conversation that ensued with some really interesting people.

Looking forward to the next one in NY in the November timeframe.

Hope to see you there.

/Hoff

Don’t Hassle the Hoff: Recent Press & Podcast Coverage & Upcoming Speaking Engagements…

January 4th, 2008 1 comment

Microphone_2Here are some recent press, webcast and podcast coverage on topics relevant to content on my blog (slow holiday season):

I’ll be speaking at the upcoming InfoWorld Executive Virtualization Forum (February, San Francisco) and with Rich Mogull at Boston’s new security conference, the Source (March, Boston.)  I’ll be posting more details shortly.

/Hoff

Categories: Press Tags: