security catalyst community

What is the Security Catalyst Community?Community

The Security Catalyst Community is a forum where individuals who are interested in or work in the Information Security field can come together and leverage each others strengths and experiences. There are several things that make this forum so great:

  • Everybody uses their real name. That may seem like something odd to bring up, but in my opinion, knowing who you are talking to is part of what it means to be in a community.
  • Very high signal to noise ratio. I would go so far as to say there is no noise on the forums.
  • Very knowledgeable people. When you post something, you are guaranteed to get responses from individuals who have a significant amount of knowledge and experience and are very willing to share it with you.

Where is it?

It is right here! One note, in order to read the forums you will need to register first.  So go do that now and come back when you are done.

What kinds of things get talked about?

Instead of talking about topic areas and what different aspects of Information Security are discussed, let's take a look at a few recent posts:

Don Weber posted a question about how to measure whether a security team is overburdened or not. A great discussion followed with helpful tips on how to gather metrics that can be used to answer the question.

Allen Baranov is in the unenviable position of inheriting a couple of IPS devices and was looking for some guidance on best practices on managing rule sets. Again, several folks stepped and shared their experiences which provided a good base to start from.

Jay Benson was looking for diagram of how WPA2 actually works for a presentation he is giving and the theme of folks helping out continues as a couple folks pointed him to some resources that might be of help.

Fred Donovan posted an observation about, "Hacker Safe" and a letter sent our to customers regarding their site being hacked last month. A very interesting discussion followed that is worth reading.

The last item I would like to mention is one that was also posted by Don. It was posted in October of last year, but has seen some recent activity. It poses the question "How do you do Email?" A great set of posts follow in which people share their strategies for dealing with our overflowing inboxes.

Who participates?

Here is a bunch of folks who participate and have blogs. Yes, it is a long list, but it is worth your while to visit these blogs a regular basis.

The Security Catalyst (Michael Santarcangelo) |
The Network Security Blog and Podcast (Martin McKeay) |
Security Ripcord Blog and Podcast |
Education Security Incidents (Adam Dodge) |
An Information Security Place (Michael Farnum) |
Andy, IT Guy (Andy Willingham) |
Andrew Hay |
Scott Wright (Security Views) |
Security Renaissance |
Marcin Wielgoszewski |
John Biasi |
Chris Hoff |
RioSec Security WebLog (Chris Byrd) |
James Costello |
Harlan Carvey, CISSP |
Jon Robinson |
Chris Harrington |
John Gerber |
Steve Mullen |
Rory McCune |
Rebecca Herold |
Randy Armknecht |
Didier Stevens, CISSP |
Amrit Williams |
David D Bergert, CISSP, CISA |
Justin Clarke |
Andrew Storms |
Lori MacVittie |
Rob Newby |
Andrew Mason |
Andy Steingruebl |
Security Thoughts (Allen Baranov) |
Jeff Stebelton |
Brad Andrews | Brad on Security
Anton Chuvakin |
Eric McMillen |
Dana Hendrickson |
Tyler Reguly | &
Keith Kilroy |
Peter Giannoulis |
Walt Conway |

Um..this post is long, how do I join again?

Simply go to and click on the register link. You will not regret it.

Kevin Riggins