Peer-to-Peer - Information Security Magazine - Page 1
DISPATCHES
Two Seattle CISOs, Kirk Bailey and Ernie Hayden, are pioneering a new level of trust and cooperation to secure their enterprises.

Over the clatter of an auto body shop where he was retrieving his car, Ernie Hayden received a disturbing cellphone call. "I'm sending you a warning about the latest MyDoom attack," the voice said.

No introductions were necessary. Hayden, the manager of enterprise information security for the Port of Seattle, immediately recognized the voice as his counterpart at the city of Seattle, CISO Kirk Bailey.

Usually, the pair meets once a week at a local coffeehouse to talk shop. They share their problems, insights, solutions and questions. Nothing is out of bounds, and there's no fear of compromise. Their trust in each other is unquestioned.

While the urgent warning of a MyDoom variant wasn't the norm, it was hardly unusual. When something serious breaks, they call each other immediately. They know implicitly that one always has the other's back.

By the time Hayden rolled into the office, he had the details of the worm that Bailey promised. The variant used an e-mail to instruct recipients to click an embedded URL and confirm an online purchase. The malicious Web site then downloads a virus that damages the host and mails itself to everyone on the person's contact list. With that intelligence in hand, Hayden sent an urgent message to his staff and began working on countermeasures.

It was yet another

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

example of why close, personal, working relationships between peers and the open sharing of security intelligence are important and beneficial. And it's a relationship that Hayden and Bailey continue to foster amongst their peers and are trying to export to others.

While the security practitioner's mind-set is usually wrapped around secrecy, Hayden and Bailey say they're proof that extending a little trust and putting two--or sometimes more--heads together is a better way to solve pressing security problems. This kind of cooperation practiced by Hayden and Bailey, as well as other Northwestern security professionals, could become a CISO best practice.

This was first published in January 2005