
April 2009 Archives

April 8, 2009

Attending FBI Citizens’ Academy

Dear Mr. Storms, I am pleased to advise you that you have been selected to attend the spring session of the 2009 Federal Bureau of Investigation's Citizens' Academy.

After a year of waiting, I was selected to attend the FBI Citizens' Academy. Having first heard of the program through InfraGard, I was immediately interested in becoming part of the growing community of citizens who get to learn firsthand how the FBI functions.

In the San Francisco Bay Area region, the FBI currently hosts 2 sessions a year with an average class size of 30. Attendees are local business, civic and religious leaders who have been nominated by Bureau employees and Academy graduates. The program consists of 5 consecutive weekly evening classes and a "Day at the Range" with the members of the SWAT team.

I'm looking forward to attending the Academy and reporting back to the community.

FBI Citizens' Academy, Week 1

The first of 5 Thursday nights spent in Menlo Park attending the FBI Citizens' Academy went off well. Our first night topics included a general introduction to the FBI, counterintelligence and computer forensics.

The sessions are held at the regional computer forensics laboratory in Menlo Park and the attendees in my session are a broad cross section from the community. From computer geeks (like myself) to school principals, attorneys, professors, entrepreneurs and movie makers, the class seems to represent a little of everything from the 15 counties in the San Francisco division.

After a good overview and history of the FBI, we were introduced to the counterintelligence strategic plan. With respect to counterintelligence, the goal of the program is to identify and disrupt threats while also trying to change the behavior at targeted organizations to minimize exploitation. In order to meet the goals of identification, disruption and behavior change, the FBI has six counterintelligence strategic objectives.

1. Prevent or neutralize WMD technology or equipment
2. Prevent penetration of US intelligence community
3. Prevent penetration of US government entities and contractors
4. Prevent penetration of critical national assets
5. Conduct counterintelligence operations focusing on countries that constitute the most significant threat to U.S. strategic objectives
6. Collect, produce, and disseminate domestic foreign intelligence and counterintelligence.

The final topic for the evening was a presentation by the director of the regional computer forensics lab. The RCFL in Menlo Park services all law enforcement agencies within the area, not just the FBI. The facility houses 9 full-time analysts whose job it is to extract evidence from computers in accordance with legal warrants. Any local law enforcement agency can drop off computer equipment for analysis. And while it's the FBI that foots the bill for the lab, it's both the FBI and local agencies that support and use the facility. According to the director, there are 14 labs and some 400 computer forensic examiners nationwide.

April 15, 2009

FBI Citizens' Academy, Week 2

During week 2 of the FBI Citizens' Academy we were introduced to the cybercrime division and the art of the polygraph.

The FBI's cyber crime mission is to:

1. Stop serious computer crime intrusions
2. Identify and thwart online sexual predators using the Internet for crimes against children
3. Counteract operations that target US intellectual property, endangering national security and competitiveness
4. Dismantle national and transnational organized criminal enterprises engaged in Internet fraud.

Terrorists use the Internet to facilitate the "3 C's" - Command, Control, and Communication. The FBI reports that terrorists commonly use public sites for intelligence gathering, like Google Maps and the websites of local municipalities that put maps of critical infrastructure online. In addition, terrorists use the Internet for advertising, propaganda, fund raising, recruitment and training.

Oftentimes, terrorist groups use US-based businesses (Yahoo, MSN, Gmail) for email because US privacy laws protect the information. At any one time, there are an estimated 5 to 20 thousand active terrorist websites on the Internet. A number of prior terrorist website examples were shown, including discussion boards that were being used to share intelligence on target victim sites. The FBI called out a number of common cyber security attacks that included website defacement, denial of service, intrusion and attacks on SCADA systems. In particular, the threats to SCADA systems and their possible outcomes were highlighted, given the importance of those systems.

The second primary discussion point for cyber security was that of crimes against children. Due to the long-term psychological impact related to these types of cases, agents must volunteer for these assignments. The presenter discussed their common workloads and walked the class through two case studies that involved pedophile activity discovered when the perpetrator posted evidence online. What I found most interesting about this part of the presentation was the role the Internet has played in finding these perpetrators. Crimes against children are not new, and if law enforcement primarily finds suspects due to Internet activity, then consider the number of perpetrators who don't put their pictures on the Internet, and how many of these crimes are, or were, committed before the Internet came into existence.

The second topic for week 2 was the polygraph. Polygraph means "many tracings", and the test examines the subject's physiological reactions to questions by looking for changes in breathing rate, sweating and cardiovascular activity.

The polygraph test itself consists of three phases: the pre-test interview, the in-test phase and the post-test. The polygrapher reviews the tracings and classifies the result as one of NDI, DI or INC. These acronyms stand for No Deception Indicated, Deception Indicated and Inconclusive. The results of polygraph tests are not admissible as evidence due to a number of precedent-setting court cases. In addition, a number of independent studies, including a 2003 report from the National Academy of Sciences, find the tests to be less than 100% accurate.

Within the FBI there are 95 examiners nationwide and nearly 18,000 exams are administered each year worldwide. In order to qualify as a polygrapher, agents must pass a 14-week course administered by the Academy of Polygraph Science. The training includes administering 50 live exams during the 14 weeks. Upon graduation, agents are assigned to a senior examiner for 1 year.

April 17, 2009

3 Great Reasons to Add nCircle to Your Must-Visit Agenda at RSA

nCircle Mini RC Helicopters
Attend one of our scheduled show floor presentations and take home an nCircle RC helicopter.

nCircle Eco Bag
Fill out our show floor survey and we'll help you go green with an eco-friendly bag

Win an Amazon Kindle2
Follow nCircle on Twitter by 6pm Thursday April 23rd to be entered into a contest for a Kindle2

April 20, 2009

FBI Citizens' Academy, Week 3

Week three of our course encompassed a presentation and hands-on workshops with the Evidence Response Team, and in real life it's nothing like the popular TV show CSI.

Better known as ERT, the 32-member team of the San Francisco division is staffed by volunteer agents. Nationwide, the FBI has 56 teams with about 1,200 members. When the team has a "callout", no fewer than 8 agents respond to the crime scene, and their time on-scene can easily take an entire day. Their job description sounds easy: it's the collection and preservation of evidence. In actuality, the work is both meticulous and daunting.

After an initial presentation we broke into working groups and we each got a chance to try three key tasks: collecting fingerprints, using the alternate light source and learning the "art of the sketch".

As with all the evidence work, collecting fingerprints requires experience. The challenges of finding prints, dusting them and lifting them were evident from our blackened fingers and work surfaces.

Next, we learned about the magical properties of light by using a device called the alternate light source (ALS). The ALS can emit a number of selectable wavelengths that cause materials present at the scene to either absorb or reflect light. In one example, a carpet sample that contained an obvious bloodstain under white light revealed a much larger stain under the ALS.

Finally, we learned the importance and art of "the sketch". The agent assigned to sketch duty is generally the first to walk a crime scene. Using landmarks, tape measures and laser sights, the sketcher produces a bird's eye view of the scene. It is their job to both accurately depict the scene where evidence is found and give the evidence gathering team directions at the scene.

April 21, 2009

RSA Opens - Show Me The People

In what is traditionally a shoulder-to-shoulder mad dash for giveaways, the opening night of RSA was more reminiscent of the last day, when most of the people are already homebound. Forget trying to determine who isn't here this year; instead, consider which companies won't be here in 6 months, judging by their dotcom-bomb spending patterns.

Because I always buy a full conference delegate registration for RSA, I am left out in the Moscone lobby area waiting for the expo floor to open. In years past, the crowd waiting in line for their free food and drinks at the Monday night opening has looked more like a giant herd of cattle. This year, you could have pitched a tent, BBQ'd and set up a tennis court. The cavernous rooms didn't stop there. Once the floor opened, lines at the bar were nil and corridors were congestion free.

History repeats itself time and time again. Here is a hint: want to know who will be bought in 2009? Just look around at the show floor and take inventory of which vendors are spending like they didn't learn anything from the dotcom bomb days. Which vendors bought bigger booths? Which are giving out free stuff without asking for anything in return? Don't feel pity for the small vendor booths on the perimeter; go congratulate them for spending within their means.

See you at the show!

April 22, 2009

RSA Panel Review - Macs in the Enterprise

Managing IT for a software company has its challenges. For me, the lines between efficiency, security and innovation are difficult to draw at a company like nCircle where engineers require some freedom to perform their best. The panelists at the RSA session "Responding to the ignored threat - Macs in the Enterprise" seemed to face the same kind of problems I do.

Based on the war wounds of the speakers, enterprises continue to find challenges when they try to bring Apple products into their security fold. Each of the enterprises has the usual defined security policies, and on a daily basis they weigh the risks associated with "grey" areas against the productivity of their users. Today's hot topic was the largely ignored impact of Apple products on security practitioners working hard to reduce enterprise risk.

At universities the Mac population has been on a significant increase, and nearly 50% of all users, students and faculty, use Macs. In addition to the Mac, nearly all users either have or want an iPhone. Both these devices make enterprise security problems more daunting. Try telling your new employee he can't have his favorite productivity tools because of security issues.

The panelists each discussed their current environments along with the trends and challenges they face with the Mac, and with all end points. A common opinion among the speakers was that the ease of use built into all modern computers, and especially Macs, has made users less knowledgeable, and this is a bad thing for security. A naïve user is more likely to fall victim to attacks like phishing. A naïve user with a burning desire for Apple products, which lack centralized management tools, spells trouble.

Panelists offered a number of suggestions for tackling these issues. At Baylor, they are actively working hard to deploy Open Directory so that IT security can set basic end point security policies like screen saver passwords and control over patching cycles. At the University of Georgia system, the security team has put a significant emphasis on training. This team holds monthly brown bag sessions and sends out newsletters; these and other communication tools help them increase awareness and reduce overall risk.

Sadly, it was evident from the discussion that Apple's continued reluctance to provide enterprise security tools is still causing heartburn for security professionals. Apple has yet to deliver anything on par with the policy systems Microsoft has built into Active Directory.

April 23, 2009

The Obama Administration’s Cyberspace Policy Review Turns Up a Dud

Maybe it's in my nature to expect something more all the time. Melissa Hathaway's speech lasted maybe 20 minutes and could have been written during the prior administration last year. Any insight into what goals we can expect from the 60-day review was completely glossed over.

The keynote began with a hokey spoof of the classic TV show Mission Impossible. A narrator with a deep voice gives Ms. Hathaway her mission to secure the nation's cybersecurity infrastructure. The message concludes with a warning that her BlackBerrys will self-destruct in 60 days, a weak nod to the technical audience.

Ms. Hathaway's speech followed the typical script. She covered historical, current and real threats along with their outcomes. Whether it was the recollection of the movie WarGames or an attack on ATM machines that was years old, the content was supposed to make the audience feel fear. These obvious tactics were old news for the technical and extremely knowledgeable audience.

When she finished dispensing fear, we learned about the enormous effort of the 60-day review she is carrying out. Ms. Hathaway likened the ambitious goal to a marathon, not a sprint, and told us about the numerous organizations consulted. The 60-day review team is targeting private companies; federal, state and local governments; and other countries. No surprise here.

In what Ms. Hathaway termed a "trailer", we got a brief glimpse into her 60-day review findings. To no one's surprise, the review calls for greater public discourse, private/public partnerships and a significant call to action for the audience sitting directly in front of her.

What we didn't get was any new information or new ideas and no specific course of action beyond what we all already understand to be necessary. It must be my fault for expecting something more. I'll work on pulling back on my expectations in the future.

RSA Virtualization Security Panel Review

Putting Simon Crosby and Chris Hoff on the same panel to discuss virtualization security is a recipe for a good lively discussion. At the end of the panel, the audience was not disappointed. In addition to Crosby and Hoff, the panel also included Michael Berman of Catbird and Stephen Herrod of VMware.

The discussion started with some hijinks by Crosby and Hoff. Crosby handed out gifts to the panelists that included a broken toy sword and a ball and chain. Hoff gave out cigars, one notably much smaller for his nemesis, Mr. Crosby. Despite Chris Hoff's sometimes-flamboyant style, he initially came out mild mannered and on an even keel. His moderate, centrist and thoughtful approach lasted throughout the discussion. Conversely, Simon Crosby of Citrix, a huge proponent of Xen, spent most of his time trying to put VMware into a corner. Crosby touted Xen as the most secure hypervisor system because of its open nature and its continuous real life testing as the foundation of Amazon's EC2 offering.

Despite the moderator's attempts to encourage the panel to discuss real world security implications of virtualization, the topics kept going back to the implementation and security of VMware products like vShield. In the final moments of the session, the panelists did finally provide a few recommendations worthy of implementing today. Most of these nuggets of insight amounted to the security basics necessary for all systems, virtualized or not. Examples of these basics included using configuration guidelines, creating operational plans that include security and risk considerations and building architectures that consider the security implications of the entire virtualization life cycle.

Overall, the virtualization security panel was entertaining and insightful.

April 28, 2009

RSA 2009 Recap

Hard to believe, but RSA 2009 was just last week. I found it to be a very successful show and now it's my turn to recap.

Themes
Every year the marketing team tasks me with finding themes at the show. In no particular order, the top themes between the talks and the booths were: virtualization, cyberwar/cybersecurity, and compliance/policy/regulation.

Attendance
During the first part of the week, I had noted that the attendance appeared to be dramatically lower than usual. To my surprise, as the week progressed, the attendance appeared to be on par with prior years. In fact, a member of the RSA conference PR team emailed me to say that the unofficial count for 2009 is less than 15% off of prior years. Considering current news of financial cutbacks, a drop of less than 15% would appear to be pretty good.

Best Event
Without a doubt, the security bloggers meet up on Wednesday evening was the week's highlight. This was a great chance to chat candidly with bloggers, press and friends.

One Thing I Learned
The Virtualization Security Panel opened up a slew of new thoughts for me. Hopefully, I'll have some time to both implement my ideas at work and share them in a blog post.

Special Thanks
Special thanks to a number of journalists who let me share some time with them: George Hulme, Dennis Fisher and Ryan Naraine.

All my blog posts from RSA 2009.

April 29, 2009

FBI Citizens' Academy, Week 4

Week 4 of the FBI Citizens' Academy: Violent Crimes, White Collar Crimes and Civil Rights Crimes.

The mission of the FBI violent crimes program is to:
* Effectively address those violent crimes that pose significant risk to citizens of the US.
* Reduce incidents of crimes against children.
* Address other major violent crimes to include Indian Country, transportation and other special jurisdiction crimes.

Common crimes include bank robbery, kidnapping, and extortion. The presenter referred to the Uniform Crime Report (UCR) for anyone wanting the most up to date crime statistics. He did, however, highlight some interesting statistics. According to the 2006 UCR, there are only 2.4 sworn law officers per every 1,000 inhabitants in the US. Further, according to a number of news outlets, nearly 1 in every 100 adults is behind bars.

The presenter turned our attention to criminal gang activity nationally and locally. According to Morgan Quitno Press, in 2007 the most dangerous cities included Oakland at number 4 and Richmond in 9th place. Gangs, as the presenter taught us, fulfill social needs for their members. Whether by mimicking an extended family or creating social or ethnic bonds, gangs provide members with an identity that is represented by their clothing, hand signs, graffiti and tattoos.

White-collar crime efforts fall into 2 areas of the national FBI priority list - #4 combat public corruption at all levels and #7 combat major white collar crime. Crimes that typically fall under the white-collar division include public corruption, corporate or securities fraud and health care fraud. Of these crimes, the most up-and-coming is financial fraud, including mortgage fraud and Ponzi schemes. The FBI investigates public corruption cases and provides checks and balances in the criminal justice system because agents typically have fewer local and political ties.

The final topic for the evening was civil rights. The FBI is the primary federal agency responsible for investigating all allegations of civil rights violations. Selected crimes involving civil rights allegations include hate crimes, color of law violations, human trafficking and violations of the Freedom of Access to Clinic Entrances Act.

About April 2009

This page contains all entries posted to Sync in April 2009. They are listed from oldest to newest.
