Security Pros on Twitter (SPoT): David Mortman / @mortman

Welcome to the final installment of the Security Pros on Twitter (SPoT) Series on The Network View.

Today we focus on a gentleman who we have followed since our very early days on Twitter: David Mortman. According to his bio, Mr. Mortman is a CSO who is currently seeking his new adventure, so if you like what you read here, perhaps you can explore working together.

Together with Alex Hutton and other leading security experts, David is one of the masterminds behind The New School of Information Security. Take a look at David’s most recent post titled Meta-Data? for a good read about the appropriate level of information that is required to have important strategic discussions about security. The post has already spawned a conversation within it’s comments.

Real Name: David Mortman
Twitter Handle: @mortman
Top 3 Social Media/Networking Sites:
Twitter is the main one I use, although I have accounts on Facebook and LinkedIn as well

1. In which area(s) of security are you most involved?
These days I’m largely involved in management, risk, privacy and compliance, although I still do some technical security work as well.

2. What security topics will be the most important in the next 18 months? Why?
Compliance by a long shot, there are lots of new regulations on the horizon, plus PCI and the new changes to HIPAA, all of which will keep lots of folks busy.

3. Biggest Pet Peeve: Name one thing about Network Security that you wish business stakeholders would understand and why.
One of my personal long term goals is for business stakeholders to better understand what security can and can’t do for them.

4. Tell us why you became so active on Twitter and any other important social media outlets. What value are you getting?
Twitter started out as just an convenient way for me to keep in touch with peers in a more interactive way than email. It quickly became a great medium to launch discussions about security and privacy issues.

5. Name one security peer whom everyone with an interest in Network Security should follow. (Okay to name 2 if you can’t decide on only one)
Jeremiah Grossman (@JeremiahG), Alex Hutton (@AlexHutton), and Shrdlu (@shrdlu) [EDITOR'S NOTE: Does anyone actually know @shrdlu's real name?].

6. What’s your take on security for social media and cloud services in general? Top concerns, overstated issues, etc.
I think that having security concerns with social media and cloud services is important, but that they are often over-hyped in the media. My biggest concerns are around reliability with regards to uptime / data recovery and compliance. Largely going to the cloud isn’t significantly different than other forms of outsourcing, provided you can get the appropriate protections for your business. This does mean that you can’t just use any cloud service “willy-nilly”, but that’s not any different then any other outsourcing agreement. As for social media, this is largely an education issue, similar to what companies have had to deal with in public IM services that have been around for over a decade now. We just need to remind employees what is and is not appropriate to discuss, and remind them that social media is, in fact, a public forum.

7. What are the top 3 real-world (i.e. live) events you’d recommend for networking with security professionals?
RSA, Blackhat/Defcon and any conference I am at :) .

Seriously though, I hear great things about Shmoocon, Toorcon, and SecTor.

Security Pros on Twitter (SPoT) Series Wrap Up

We have greatly enjoyed networking with all of these impressive SPoTs, and we hope you have also found the content enjoyable and informative. Our next series will profile some key technical sales personnel at security tool companies, and we hope you are looking forward to it as much as we are.

As always, we want your feedback. Got a hot topic you want to see discussed on here? Want to contribute a guest post? Have an idea for an interesting additional series on any topic in network monitoring or security? Bring ‘em on; we’re all ears.