Recently, I was asked to complete a security awareness training at Check Point. It is considered a mandatory exercise for all employees. It consists of watching a brief presentation, taking a short multiple-choice test, virtually signing the security policy document, and providing a user validation question and answer.

The entire process took no more than 20 minutes. After having watched the presentation, I can tell you, with a fair degree of certainty what the different levels of classification are, what generally falls into each level of classification, and what my responsibilities are with respect to handling data in that classification. It was all done with clear language using examples I feel most people could relate to.

It is exactly the kind of policy presentation that any serious company should have. The reason: employees are often the weakest link in security. Educating employees on what the policy is vital to ensure corporate assets are protected.

Oh wait, you don't have a security policy? Well now, that is a problem.

Yesterday, I took the train up to The City and walked around Moscone Center, where the RSA Conference was being held. I took a few pics of people from the Check Point booths, the Barracuda Babes, and Stina from Yubico.

Now that we have the official announcement, I can now say I work for Check Point Software. And while I’ve been working with Check Point in some capacity or another since 1996, this is the first time I will actually be on their payroll.

A question I’ve gotten a bit since this was originally announced back in December is: what’s gonna happen to Nokia’s awesome support team? The good news is that the vast majority of that support team will be incorporated into Check Point. Furthermore, the combined support organization will implement best practices from both companies. In fact, Check Point’s support offerings now look very similar to those we sold at Nokia.

What about me? At the moment, I am trying to get through all the structural changes, which are still underway. I’m less worried about the “job” part of my job and more worried about more basic issues, like getting connected to Check Point’s Intranet, getting signed up for payroll and benefits, and understanding all the various policies and procedures–all of which will be different. So will my actual job, and I’ll begin to understand the particulars of it soon enough.

I guess it's time to take a break from kvetching about my job for a moment and talk about something security related. Or more specifically, something related to keeping your kids safe on the Internet.

My 8-year old son is becoming a bit more adventurous in his quest for all things Pokemon, not to mention Tower Defense-type games. He is using that "search area" in the upper right hand corner of the Firefox window to find things. This has resulted in coming across pages that are "blocked" by Microsoft's Family Safety filter, which I use on all the downstairs computers. This inevitably means he'll run into whatever room I am in and ask me to "type in my password" to unblock the site. Frequently, he asks me when I am doing something else and, of course, he wants it NOW.

When I am ready, I go to his computer--which is in our living room and thus in a public room--and find out what site he was trying to go to. Some sites I know aren't particularly great for his age range (e.g. MySpace), others I will check first. Because I'm not quite sure what I am going to find, I ask him to leave the room first. Either that or I will make note of the site and go check on a different computer.

The reason for this is very simple: Microsoft's Family Filter does not offer a lot of granularity on blocking. Furthermore, it doesn't give any explanation as to why it was blocked (e.g. what category the website was in). Even if it did, one should never assume the filter is entirely correct. Best way to keep the kids protected is to manually review the site--without them in the room--in case something particularly nasty shows up!

In one case, I went to a blocked website that appeared to have ok content, but had ads on it that were clearly not ok. Furthermore, there was so much crap on the site that the browser basically locked up! In short, there was no way I was allowing my son anywhere near this website.

I then explained to my son why I was still not going to allow access to the site in question. I reiterated why the filters are there and why I manually check things first. He understood and moved onto something else.

Obviously, things are relatively simple right now. As time wears on, things are going to be more complex, particularly when we get into instant messaging and interacting with other people online. Not to mention the difference in age-appropriateness between my 8-year-old son and 4-year-old daughter as they get older. However, it will hopefully be handled much the way it is handled today: with a conversation.

Reblog this post with Zemanta

Over my 10 years in Nokia's Security Appliance Business, I have met a lot of people. Many of these people worked in the business and moved onto other areas of Nokia. Others were the direct result of my "poking around." At one point, I hoped that I could leverage some of these contacts to branch out into other areas of Nokia.

Then, a funny thing happened at the end of September 2008. Nokia announced they were selling the Security Appliance Business to an outside investor. We were to become a new, independent company. Shortly thereafter, the wheels fell off the economy and the credit market dried up. This made such a venture untenable.

Shortly before Christmas, Nokia announced we were being sold to Check Point Software . It wasn't the original plan, but under the circumstances, it made the most sense.

Despite the uncertain economic climate, not to mention the uncertain future all of us faced, a funny thing happened. We all pulled together, tightened our belts a little, and forged ahead. Profitability continued. Epic amounts of customer satisfaction were attained. We showed incredible strength and determination. Every one of us.

Meanwhile, the rest of Nokia downsized and reorganized. The company is asked employees to volunteer for a layoff as well as ideas for cost savings. I would not be surprised if additional actions are being considered to ensure survival during this protracted recession.

Clearly, my days at Nokia are numbered. Some of us will end up at Check Point. Others, sadly will not. It's not only a long goodbye to a company that has treated me well for 10+ years, but to a "family" of people I've worked with. While like all families, we disagreed at times, we all tried our best to "delight our customers" and be "very human" (to borrow a couple of Nokia's values).

While it is goodbye to some, many of us will continue to work together as part of Check Point. Clearly, it won't be the same as it was. I have hope that, in time, it will be much better than what we had.

Reblog this post with Zemanta