January 2012
7 posts
Moved
I’ve moved my blog to http://jnorthrop.me. I’ll leave this blog up, but I won’t update it any longer.
Salary Negotiations, Don't be Tough, be Honest
I read a blog post the other day about how to properly negotiate a salary. It received a lot of attention on Hacker News and generated a heated discussion. Obviously this is important to many of us — me included. However, I see things differently than Patrick. I’ve liked almost all of my bosses (5 to date), and enjoyed my past places of employment. I’ve generally felt fairly...
EU Data Protection Reforms Are a Big Deal
As expected, the European Commission released two principal documents outlining proposed reforms of the EU’s 1995 data protection rules. And as promised last week, I will do my best to put it into context for IT professionals. First off, from all accounts, it appears to be relatively close to what was leaked in November, so there are no big surprises in it. However, that doesn’t mean that...
Google, Good To Know
Did you catch Google’s full page ads in The Wall Street Journal, The New York Times, USA Today as well as other papers around the country this week? If privacy isn’t your business then you may have just passed them over, but for those of us who make a living either convincing customers to give us their data or struggling to keep those within the company who want to mine that same...
See, privacy is a big deal
Anyone still think they can keep their head in the sand over privacy issues? Think again. Check out this post by 37Signals. Here’s the meat of it.
Taylor’s post about our growth in 2011 included a bunch of numbers showing how the pistons inside the 37signals engine are pounding faster, but it all got swept away by what seemed like an innocent side-note: The 100 millionth file was called ...
Privacy Regulations Are a Comin'
At the moment privacy is a hot topic. Most of the chatter on the internet and in the media can be characterized as “Company X is abusing the trust (or taking advantage) of their customers.” I’m not going to debate that side of the issue but there is another side and it isn’t getting much coverage. What’s missing from all the hoopla is the coverage of the impending...
What IT Professionals Need to Know About Privacy
I’ve just learned that I’ll be presenting at SecureWorld in Boston on March 23rd. To follow is the abstract I submitted for the call for papers. Now all I have to do is put together the presentation… I know many people who read this blog are a good target for this type of topic. Feel free to send ideas, anecdotes, etc. that might help me focus the presentation. As a 20-year IT veteran...
December 2011
4 posts
My Experience With LPTHW
I’ve been meaning to get my hands dirty with Python for a while and finally found the motivation to go through Learn Python the Hard Way over the holidays. I knew going into it that it wasn’t necessarily the best way to ramp up on the language for someone with years of development experience, but it was a vacation week and I didn’t want anything too intense. Plus, the simple...
The MITx Revolution
On the first day of Christmas MIT gave to me… oh, whatever. MIT did give us all something though. The school recently announced MITx, which will start offering free online courses, and for a fee a certificate of completion. There’s a lot of action in the online/higher-ed space at the moment with many major universities putting up courses for free, including MIT. These are fantastic...
CISSP Download
I woke up at 5:30 am yesterday to get ready for my two hour drive to Norwood, MA — the closest location (ISC)2 offers for sitting for the CISSP exam. I had to be there by 8:00 am. Check-in at 8:00 am; receive instructions at 8:30 am; and then start the exam 9:00 am. Six exhausted hours later I was done and ready for my two hour drive home. Why did I sign up for this again? This was probably...
Privacy Professional ≠ Infosec Professional
We’ve experienced over 30 million records breached already this year in the US alone. That’s an incredible number. Sloppy security is usually the culprit, and this is well known and documented, as evidenced by executives all around the world throwing money at the problem. However, there is a kissing-cousin to this problem that seems to be getting the government’s attention but...
November 2011
5 posts
Worth Watching
I just finished watching a 2006 Google Tech Talk by Rik Farrow on computer security models. It’s worth watching. He spends roughly 45 minutes discussing how our current computer security models are broken and finishes with a proposed solution. He starts by talking about the most prevalent attacks today including SQL injection, XSS and buffer overflows and how weak our current operating...
How Not to Start a Community
The IAPP uses Avectra’s netFORUM AMS to manage our membership information. I’ve never been all that happy with the netFORUM software and certainly not Avectra’s horrific support, but last week they did something that makes me want to scream. They launched an online community. To kick-start this community they decided it would be a good idea to take every user of their system and...
DNT: No Teeth, No Benefits--DOA
The W3C published the first draft specification for “Do Not Track” (DNT) in an attempt to address online privacy. The document proposes an official specification for a mechanism that allows users (via browsers) to broadcast tracking preferences to websites. The intent of DNT is fantastic. Users should be empowered with the ability to opt in or out of being tracked on a website, or...
Take My Idea - Measure Any Exercise
I’ve had this idea bouncing around inside my head for a long while and I’ve come to the realization that I’m never going to see it to fruition. Instead of letting it just rot on my computer, I thought I’d give it away instead. If you want it, take it. If you want to chat about it feel free to contact me. Note: I’m trying to write out this idea as clearly as possible...
Word Resumes, Why?
I don’t know why I’m shocked every time this happens to me, but it is happening again, and I am at my desk this morning shocked. Yesterday I posted an ad for a job opening in my department. I’m not looking for a proven “rock star” as I can’t really afford one but I’m hoping to find someone sharp and willing to learn with a bit of experience developing...
October 2011
4 posts
Stress and Athletic Performance
I’m a stressed mess right now. In addition to life’s normal level of stresses, I’m studying for the CISSP exam (which is turning out to be much more intense than I anticipated) and I’m short-handed at work (if you are an entry-level developer in the NH Seacoast area, contact me!). I’ve been here before though, so the occasional sleepless night and general...
PayPal's Identity Service, Gone Too Far
Looks like PayPal is offering a new identity service. Gaining access to over 100 million users who trust the brand seems like a pretty good opportunity. However, reading through the benefits of using this service made me feel a little queasy. This service is abusing the privacy of their customers, badly. If you don’t believe me, take a look at what information they are offering to...
Indextank Bummer
I just received an email from the Indextank team that they were purchased by LinkedIn. As soon as I read it a four-letter expletive left my lips. I’ve just spent the last couple of months redoing the search engine for the IAPP website to work with Indextank.
As you may have heard, LinkedIn has acquired IndexTank. We at IndexTank are very excited and look forward to joining LinkedIn. Our team...
Jack of All Trades, Master of None
The other day I was asked to help a colleague at the IAPP determine the profile of a typical candidate for a CIPP/IT certification. It started out with a simple question, “Help me understand the different classifications of IT professionals?” I thought this would be an easy exercise. However, once I sat down and started to give it some thought, I was surprised to recognize the breadth...
September 2011
8 posts
Silk, Fire and Another Loss for Privacy
Our privacy is slowly eroding, at least in the sense that what we do is less private than it used to be. We’ve all known for some time that the phone company tracks all of our phone calls and that ISPs know something about our internet traffic. We accept that web servers record what pages we visit and when we visited them.
In the last couple of months we’ve learned that Facebook can...
Terms-less Terms of Use
Today I came across the most useless terms of use statement I’ve ever seen, and I’ve seen a lot of them. I try to make it a habit of reading terms, licenses and agreements whenever I come across them. As a practicing Privacy Professional I feel obligated to review them, and occasionally I’ll even learn something along the way. So imagine my surprise when I came across this:
These...
Then the BEAST Enters
Have you heard about the BEAST? Juliano Rizzo and Thai Duong presented their Browser Exploit Against SSL/TLS tool, a.k.a. the BEAST, at the Ekoparty security conference a week ago. This tool has the potential to launch one of those seminal moments in computer history. It exploits a weakness in virtually every website that uses secure certificates to protect transactions (SSL/TLS). In other words,...
Now I'm Scared
I’m just back from the (ISC)2 Security Congress and I’m scared. I’m scared for two reasons. First, I feel self-pressured to get CISSP certified. From what I understand, the exam is intense and should require a large time commitment to master all ten domains — and I don’t have that kind of time (although I will find the time!). However, what really sent my blood...
"SEO?" No! Write Instead
I swear I’m going to scream if I hear one more person describing search engine optimization as something complex and mystical. It’s not — it’s actually pretty simple. I’ll prove it. Here’s all you need to know, all on one double-sided sheet of paper. If you can understand and implement what’s on that cheat sheet you’ve already won 90% of the...
Karma
“It just feels good, man.” I actually said that to somebody the other day. It was in response to, “Why exactly are you helping me?” I’m the type of guy people call on to move furniture, with computer questions, or just to listen to a crazy new business idea. It’s generally because I’m always willing to help, and I always have been. Maybe it was the way I was...
Hidden Benefits of a Bad-Ass Infosec Policy
Most large companies have strict information security policies. They do it to comply with legal obligations and to minimize liability concerns (e.g. HIPAA, GLB, PCI, etc.). The smart executive knows that a data breach can be expensive and damaging; just ask Heartland Payment Systems, the Veterans Administration or TJ Maxx. Start-ups also should understand that compliance and liability...
Standing Desks Are on the Rise →
Hey! I’m an early adopter. I’ve been working at a stand-up desk for roughly 4 years now. I love it. I spend about 75% of my time standing. I wouldn’t have it any other way.
Here is my setup… minus the computer, which I used to take the picture :p
August 2011
2 posts
Blogging For The Right Reasons
I’ve often thought I should blog. At first, many years ago, it was because everyone was doing it. That’s really no good reason at all. Some years later, when I was starting my own business, I believed it would help garner some attention. However, I was way too busy and never got around to it. Not that long ago I thought I should blog to help my “professional networking.” I...
My Place of Employment →