Category Archives: Security

My experience at Tweakers Privacy & Security Meet-up.

Two weeks ago I attended a great meet-up organised by the Dutch technology website Tweakers, I love this site so much I am an elite member. I decided on electronic attendance since the live event was in Hilversum, which would have been a 3 hours drive on a Saturday.

You can now view most of the sessions on Youtube through this page, but let me give you some pointers on what I found more than a little interesting that afternoon. Maybe it can guide you in what to watch. (some of it is in Dutch).

Wesley and Rick from Zolder.io gave a great talk – hacker worthy – on Microsoft 365 security. What vulnerabilities to look out for as well as tools to help you. Very interesting to watch if you use this Microsoft subscription service.

Jilles Groenendijk had a great talk about his hardware hacking, IoT security and right to repair.

One of the most thought provoking talks was by Melanie Rieback. She talked about startups in security and the problems with Silicon Valley style funding and takeovers. Imagine starting a company in The Netherlands, compliant with all governing laws, getting some customers that trust you. Even from a legal perspective. What happens if you get acquired by a British holding that now is governed by different laws ? How can you protect your company? Apparently there are some forms of social enterprise to go for. Or even foundations. Definitively something I want to look into more.

The most fascinating talk was with Inge Bryant! I did not know this lady before, but honestly was more than a little impressed. Apart from an incredible career in intelligence and the police, she is very precise and thoughtful in her statements and obviously has a level of empathy and warmth you would not expect… well from an ex-cop! I was blown away by her stance on privacy, which is certainly not what you would expect from someone in that position. She actually defended the right to encryption! Very much recommended.

Security sessions at VMworld 2021

In this second post on VMworld session recommendations, I want to share some picks in security from the content catalog. It is going to be a busy week! See my blog on cloud management sessions I published before.

Although I am an infrastructure guy and I have worked a long time in systems monitoring, I am part of the vExpert Security sub-program. I have done a lot of work in compliance, with the defunct VMware Configuration Manager and lately with vRealize Operations.

man wearing gray and red armour standing on the streets
Photo by PhotoMIX Company on Pexels.com

I want to specialise more in security, seeing what the need is in our industry today. I have done NSX-t training and did the Carbon Black Partner Certification, but I am not an end-user computing specialist, so keep my focus in mind when you read my list.

Also it is a good idea to turn to the community for advice, so I listened to the VMware Communities episode #570 on VMworld security tracks. Zero Trust is important I think, as is incorporating security in our architectures. I do not like the scary stories at any security talk, I do not see their added value. So with all of that in mind, here we go!

A Modern Firewall For any Cloud and any Workload  [SEC2688]

NSX-t has a lot of security features built-in like micro-segmentation, the NSX distributed firewall is one of the latest techniques to secure your environment. I would like to know more.

Anatomy of the VMware SOC [SEC1048]

Practice what you preach, right? So I am interested in hearing what VMware’s own Security Operations Center (SOC) are doing to keep the bad guys out.

Macro- to Micro-Segmentation: Clearing the Path to Zero Trust [SEC1302]

Well there is someone I know here! Victor Monga leads the vExpert Security track and he is talking micro-segmentation and Zero Trust. Should be an interesting talk!

Continuous Compliance and Vulnerability Management with vRealize Automation [SEC2054]

vRealize Automation is still a bit my baby and DevSecOps is a hot topic. I am curious to see how we can achieve continuous compliance in the apps developed internally at customers, without having to setup elaborate scanning after the fact.

Simplified Security with VMware Carbon Black Cloud [SEC2718]

A lot is happening around Carbon Black Cloud (and I hope to blog about it soon….). This is a Meet-the-Expert session to get down in the practical details.

Meet the Experts: vSphere Security Best Practices Straight from the Experts’ Mouth [SEC1388]

If you manage vSphere environments, I think this one is not to be missed. Going to be chockfull of practical tips on how to secure your environment. And that’s what we all need to do, right?

I realise the last two sessions are Tech + Pass (paid) sessions. I think they are worth it and as I explained in my post on cloud management sessions, I am going to pay for access too.

These are not all the sessions on my list, but they give you an idea of what I am looking for in security: architecture, Zero Trust, NSX-t firewall and micro segmentation and Carbon Black Cloud.

Do let me know what you think or what sessions you recommend. And please connect during the event! We have a booth in the partners section with ComDivision, the premier VMware partner in DACH and USA where I get to do a lot of my work.

Ransomware…

After 30 odd years in IT it still amazes me people will not take care of basic protection in their environments. Security settings, patches, anti-virus. Nope. Even after previous ransomware attacks this one is still successful. Even in big corporations.

And please don’t go the “it won’t happen on my Mac/ Linux/ TRS-80 machines” way. You know it is coming … Some environments are more secure like Mac OS with sandbox and just not running Windows file sharing, but attacks are more and more ingenious. Even your Intel processor has built-in risks and it takes just a link in an email. Yes I know you were just curious about that viagra ad and did not really intended to order…

Get some basic discipline and IT-hygiene ! That is the real issue.