Industry@Work

By Karina Sanchez · February 2007

Blogs: A Secret World

IT'S a trend that's taking over cyberspace. Everyone's doing it (including us; we hope you like it -- Ed.), and there seems to be no end to this madness. Blogs are taking over by the thousands. In one random Google search for security-related blogs, you'll certainly find more than 34 million results. It's a communication platform that has taken over instant messaging and e-mail, and people love it. What's interesting about blogs is that a blogger in Canada can post a note, and someone in, say, Europe can respond with their own opinion in seconds. The exchange of opinions and ideas between two or more people engages those involved, but it also entertains the rest of us who may not want to go through the effort of putting in our two cents, but relish the banter exchanged in cyberspace.

Security can often be a controversial topic, and there's no better way to exchange ideas with such a diverse group of people than through the Internet. I was surprised to find so many blogs about security. There are many people in all parts of the world that have something to say about it. There were some interesting blogs and some not so interesting. Some were difficult to navigate and some weren't. Some did talk a lot about security and some talked very little about it.

The reality is that blogs can offer insight into a person's life that you might not normally talk to or that you never think you'll ever meet. In a way, blogs can humanize a person. Bloggers are able to share whatever aspect about themselves that they'd like. And it can be interesting. Blogs that I most enjoyed were those that introduced ideas or opinions that I have not thought of before -- blogs that induced thinking. Blogging is an easy marketing tool, and people are catching on.

Blogging 101
Getting a blog started can be relatively easy. You must first decide on if it's something that you'd like to do on your own or if it will be through your company's Web site. There are pluses and minuses to both sides. If you do it yourself, you won't have the responsibilities attached to a corporate image and you can remain relatively anonymous. Nonetheless, you will have to create the blog yourself, which can be done with software or services such as TypePad or Square Space. These services will give you step-by-step instructions and prices on getting started.

If you decide you'd like to start a blog through a corporate presence, it can not only be easier to manage, but it'll surely help validate your image as a security professional. At the same time, it can become a marketing bonanza for your corporation. But keep in mind that if you switch jobs, you might run into a custody battle over the blog.

If you have an IT or Web services department, it should be quite simple for them to set up a blog. If not, try WritingUp. Once a blog is up and running, someone has to actually write something in it.

Write what you will, but it'd be best to stick to a certain subject such as security, identity management, corporate security or whatever your field of expertise is. Start writing about something current that pertains to the subject that you choose such as a news story, a blog piece by someone else, an e-mail or a quote. Write what you know and what will entertain people. I think that writing an opinion about something of interest will more likely elicit comments than just posting a piece of information. Phillip J. Windley, IT expert from Brigham Young University, suggests creating an "About" page to list biographical data and let people know who the blog's author is. Being able to know the person, at least a little, is part of the blog experience, he said.

The Blogging Community
There's a world out there beyond the United States, and it comes together through the Internet. The Internet, like the real world, has its own celebrities and bad guys. Reading security blogs and reading about them, you'll soon find out that there's a community of bloggers out there that know each other, have heard of each other, are blogger celebrities, infamous bloggers. They all seem to pretty much stay within their own groups. Security bloggers know other security bloggers as environmentalist bloggers know other environmentalist bloggers. They write about each other, they write to each other, they praise one another and they bash each other. It's almost like a soap opera because it's entertaining to be involved in and it's entertaining to read.

I found some blogs to be thought provoking and amusing. Some blogs are active, eliciting many comments from readers. For example, csoonline.com really has an active site. The site's bloggers are well informed and comments from readers also are valid and educated. RSA Security blogger Ari Juels, research scientist, provides interesting blog entries that I think most would find enjoyable.

"It's difficult to fathom how a list of the 20 most popular dog names could have evolved into a potential tool for identity theft. Such, however, is an oddity sprung upon us by the challenges of online password management," Juels said in a recent blog entry.

He goes on to tell how guessing and mining can often prove fruitful for identity thieves when stealing your identity online. He can be found at rsasecurity.com. A popular choice among IT security bloggers is Michael Farnum. His blog entries at infosecplace.com are a nice mix of good information and fun antidotes. One day his blog will be about DDoS attacks, and the next day he'll talk about his weekend or his children in Tae-Kwan-Do.

It's not hard to lose yourself in the blog world. Soon enough you'll find yourself starting on a blog about maritime security and somehow end up reading about cookie recipes. Though I wouldn't suggest using blogs as a definite reliable source to base all of your knowledge on, they do provide a little entertainment in this industry that can use a pick-me-up every once in a while.

This article originally appeared in the February 2007 issue of Security Products, pg. 10.

About the author

Karina Sanchez
Karina Sanchez is the former managing editor for Security Products magazine. She now freelances for Web publishers, trade magazines and corporations.


Poll

What should the AirTran pilots have done after being told of remarks from Muslim passengers on the New Year’s Day flight?