Mathias Thurman

Mathias Thurman follows the same security procedures wherever his company's partners are located. From his perspective, the only difference is in the local cuisine

Charged with ensuring the confidentiality, integrity and availability of his company's systems and intellectual property, identifying areas for cost cutting did not come easy for security officer Mathias Thurman. Here are four key cut back areas which he came up with

How often have you heard, "I'm not sure you can do that; there isn't a policy in place?" I hear it too often, because I hate writing policies. And I hate writing policies because at a very engineering-centric company like mine, generic policies don't go over well.

I finally settled on a strategy for wireless security. As wireless access points began appearing on our company's network, we configured them with Cisco Systems Inc.'s Lightweight Extensible Access Protocol. LEAP forces users to authenticate to the access point with their enterprise credentials -- the same credentials used for virtual private network access, as well as services such as payroll and Microsoft Exchange e-mail. That's because we use a centralized directory that ties into most of our core applications and lets employees use a single password to sign on.

For the past month or so, I've been struggling to find a way to locate and eliminate rogue wireless LAN access points (AP). This week, I believe I finally found an answer.

The IEEE 802.11b wireless networking standard is known by a variety of monikers -- there's AirPort if you're an Apple user, Wireless Ethernet, or, perhaps its most ubiquitous handle, Wi-Fi.

Two members of my security team gave their two-weeks' notice this week. Each departed for different reasons. Our most technical security engineer left to start his own company. Our security auditor jumped ship for one of the big consulting companies. It offered him a significant salary increase, more vacation time and the opportunity to build his own team.

No matter how much detail one provides to upper management regarding a vulnerability or a security issue, sometimes a technology that isn