This is the slide deck that I used for the virtualization workshop. The actual discussion was much more open-ended in terms of audience participation. The slides are good references for a few things that were talked about. Other topics included the benefits of virtualizing a 'one of' where the ratio is one hypervisor to one guest. We also went over the order of what systems to virtualize when, both from a production support and security standpoint.

cuispa_2010_-_virtualization_workshop_slides.pdf

I'll be one of the speakers at the 2010 Credit Union Information Security Professional Association (CUISPA) conference next month in Austin, TX. The topic is "Top Issues for 2010" and is intended as an open forum and disucssion around some of our current security challenges. This post will host a placeholder for topics I plan to talk about during my session. Feel free to e-mail me or contact me with more ideas.

Retailers and other organizations are waking up to the need to become compliant with the PCI Data Security Standards imposed by the credit card companies. While awareness is a good thing, there is still a huge gap in both understanding of what the regulations mean and a trailing impact on security spend - especially in a few key areas. There is opportunity here for Symantec (NASDAQ:SYMC), Mcafee (NYSE:MFE), Websense (NASDAQ:WBSN), Attachmate, EMC (NYSE:EMC), and many other public and private security firms.

I solved another interesting problem today and thought it was worth sharing. My 'problem' is that when an authenticated user performs an SMTP relay via exim, I want to strip out the received by lines. This effectively hides their origination IP, which could be a DSL line or some public IP address that would otherwise be blacklisted by the recipient's ISP. For whatever reason this took a long time of Googling and all of the posts about how to do this were references to the exim manual pages.