This article considers getting started in computer and network security (physical or facilities security is out of the scope of this writing). This is an introduction; you may want to consider our introductory course that covers information security basics if you find you are interested in learning more about security, intro to Information Security.

Ed Hammersla has a background in trusted systems as in the Orange Book. He understands the mechanics of low to high information transfer.

Growing evidence indicates a variety of attacks could cause significant economic harm to a target, an attack specifically designed to destabilize a currency might now be possible especially if sponsored by a party with significant economic power (i.e., a major country) or executed with precise timing during a high stress period on the economy.

People ask me about teaching for SANS several times every month. The purpose of this essay is to show you the path.

Amit Klein, CTO of Trusteer, a provider of web browser security technology, tells us about himself and his current project, Rapport. It is designed to secure online transactions between compromised desktops and trusted financial websites.

This paper defines security controls and lists the types of controls. We cover phase controls such as preventative, detective, and corrective as well as functional controls as defined by NIST and GAO.

Kathleen Lynch tells the story of trying to find gainful employment in the information security field in the Great Recession. If you are willing to tell your story, we would love to hear from you, stephen@sans.edu

Stephen could certainly use your help in finding security thought leaders. If you know someone special that has made a major contribution to the field, please download our Security Thought Leader Interview framework, we'd love to learn more about them.

With the Security Thought Leader project Stephen hopes to introduce you to some really great men and women. A security thought leader can be defined by certain criteria: a person who is recognized by their peers as a thought leader, who passes their information on to help others, who has innovative ideas, and who shares ideas as actionable distilled insights.

Tenable's Ron Gula gives us an update on Nessus which now performs many of the industry standard web application tests such as SQL injection and Cross Site Scripting analysis. This, combined with Tenable's database, application and operating system configuration audits, can provide a much deeper form of analysis than pure black-box testing.

A.N. Ananth, CEO of Prism Microsystems, Inc. was one of the original architects of the EventTracker product offering, Prism’s enterprise log management solution.

Paul Henry is truly a Security Hero, he is most well known for his expertise and leadership in digital forensics, but he is actually well grounded. We are thankful he is willing to invest the time to participate in the Security Hero project.

Lance Spitzner of Honeynet fame has agreed to a Thought Leadership interview and we certainly thank him for his time.

As the commercialization of the Internet enters its third decade, the Web itself has evolved from sharing static information to driving dynamically connected mission-critical applications. While web applications and efficiencies of Web 2.0 are universally adopted, network security practices often still rely too heavily on the basic network firewall to block access to static information. Too many enterprises today believe their firewalls deliver "good enough" security to mitigate Internet-related threats and attacks. However, enterprises that do not currently have advanced network protection deployed face significant risk and are likely already compromised.

Ivan Arce, Chief Technology Officer of Core Security Technologies, sets the technical direction for the company and is responsible for overseeing the development, testing and deployment of all Core products. He talks with us here about the recent update to their product to include web application testing, the latest web attack techniques, and his security philosophy.

Understanding how networks work will empower a manager to make informed decisions that affect the security posture of the business. Because our organizations depend on networks to accomplish work, they can be used to attack us and yet, we are all too willing to treat them as something beneath the manager's responsibility and beyond our understanding. At a minimum, security leaders are responsible for ensuring that metrics are in place to monitor the health of this resource and oversee the development of a secure architecture.

Jeremiah Grossman, founder and CTO of WhiteHat Security, talks with Stephen Northcutt about the state of web application security as well as WhiteHat's approach to website vulnerability assessment and management.

Most of the interviews that we have done in this series have been focused on technical people, but we believe Mike Yaffe is a game changer.

Chris gives us his vision on the current state of log and event management as well as some specifics about LogRhythm.

Anthony Giandomenico weighs in on Data Loss/Data Leakage Protection (DLP).

John Pirc from IBM's Network Security Solutions has agreed to be interviewed by the Securitylab; we certainly thank him for giving us his time to discuss security and the Intelligent Network.

Stephen Northcutt and friends offer their predictions for the important trends in network, information and computer security for 2009 and beyond.

We asked Leigh Purdie if he would give us an update on Snare and log analysis, as a follow to our interview with him in March, 2008, and we certainly thank him for his time.

This paper investigates sound practices in intrusion detection and prevention, from IDS and IPS deployment considerations, to pushing the boundaries of IPS (with examples of advanced prevention techniques, specifically blocking the Kaminsky DNS cache poisoning exploit), and business applications.

At larger conferences, the SANS Institute has a vendor show, and I like to attend to find out about new companies and new technology. There was a vendor at our last show in Las Vegas, Secure64. I had never heard of them, so I wandered over and we had a great chat. They are a DNSSEC vendor who sells a product based on the HP Itanium architecture. The more they talked, the more I learned about an incredible guy, a security thought leader named Bill Worley, so please let me introduce you to Bill.