John Roberts and Wasim Al-Hamdani presented on cloud security in the InfoSecCD '11 Proceedings of the 2011 Information Security Curriculum Development Conference.
Interesting resources in the bibliography section:

1. Y. Chen, V. Paxson, and R. Katz. What's New About Cloud Computing Security? Technical Report UCB/EECS-2010-5, Berkeley, 2010  
2. Pianese, F., Bosch, P., Alessandro, D., Janssens, N., Stathopoulos, T., and Steiner, M. 2010. Toward a Cloud Operating System. Network Operations and Management Symposium Workshops (NOMS Wksps).  
3. Jensen, M., Schwenk, J., Gruschka, N., and Iacono, L. 2009. On technical Security Issues in Cloud Computing. IEEE International Conference on Cloud Computing.  
4. Geer, D. 2009. The OS Faces a Brave New World. IEEE Computer Society Volume 42, issue 10 p. 15--17.  
5. Ertaul, L. and Singhal, S. 2009. Security Challenges in Cloud Computing. California State University, East Bay. Academic paper http://www.mcs.csueastbay.edu/~lertaul/Cloud%20Security%20CamREADY.pdf  
6. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. "Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds." ACM CCS 2009  
7. A. Cavoukian, "Privacy in the clouds", in Springer Identity in the Information Society, Published online: 18 December 2008. http://www.ipc.on.ca/images/Resources/privacyintheclouds.pdf
   
   Source: http://dl.acm.org/citation.cfm?id=2047458&CFID=57421764&CFTOKEN=12463119
   

12 Initiatives Outlined by the Comprehensive National Cybersecurity Initiative (CNCI) launched by President George W. Bush
in National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/
HSPD-23) in January 2008.

1. Initiative #1. Manage the Federal Enterprise Network as a single network enterprise with Trusted Internet Connections.
2. Initiative #2. Deploy an intrusion detection system of sensors across the Federal enterprise
3. Initiative #3. Pursue deployment of intrusion prevention systems across the Federal enterprise.
4. Initiative #4: Coordinate and redirect research and development (R&D) efforts.
5. Initiative #5. Connect current cyber ops centers to enhance situational awareness.
6. Initiative #6. Develop and implement a government-wide cyber counterintelligence (CI) plan.
7. Initiative #7. Increase the security of our classified networks.
8. Initiative #8. Expand cyber education.
9. Initiative #9. Define and develop enduring “leap-ahead” technology, strategies, and programs.
10. Initiative #10. Define and develop enduring deterrence strategies and programs.
11. Initiative #11. Develop a multi-pronged approach for global supply chain risk management.
12. Initiative #12. Define the Federal role for extending cybersecurity into critical infrastructure domains.

http://www.whitehouse.gov/sites/default/files/cybersecurity.pdf

CIO shares Gartner VP Ken McGee's 16 long-held business practices that need to be discontinued:

The short list of targeted items includes:

1. Stop recommending mega projects

2. Eliminate differences between CIO/CEO projects

3. Terminate projects that do not improve the income statement

4. Abandon CIO priorities that don't support CEO priorities

5. Stop recommending mega projects

6. Terminate existing apps that do not yield measurable business value

7. End the practice of putting the enterprise IT spending within the CIO budget

8. Abolish environment of little or no IT spending accountability

9. Eliminate IT caused business model disruption surprises

10. Kill cloud-a-phobia

11. Abandon level 1,2,3 tech support

12. Kill chargeback systems

13. Stop issuing competitive bids

14. Stop holding onto unfunded projects. Stop IT hoarders

15. End discrimination against behavioral skills around social sciences

16. End unbalanced support between back and front office

http://www.cio.com/article/692130/Gartner_16_Long_Held_IT_Business_Practices_You_Need_to_Kill

The Fort Worth Alliance Airshow was cancelled on 23 October, 2011 due to weather conditions.  The weather on Sunday was fantastic, but the parking lot was soaked.  The muddy mess led to the cancellation of all performances due to unsafe conditions.
The Alliance Airshow staff does a great job planning for the event.  I've been in attendance many years at the Captain's club, Flight Deck, and met many of my friends and colleagues in Fort Worth.  The vendors, performers, and attendees wanted the show to go on.
As pilot Michael Rambo puts it, "just like flying, safety first."
See you next year!

One of my favorites from the 2006 Alliance Airshow:

One of my colleagues, Dr. Van Dewark is looking for a new moppin sauce recipe.  The one below is real good for pork...especially if you like
Deejay’s Infamous Dipping Sauce For Pulled Pork
2-juiced lemons,
1 teaspoon white pepper,
1 teaspoon sea salt,
1 teaspoon Cajun spice,
4 teaspoons pure Maple syrup,
4 teaspoons Tomato Based BBQ sauce

Some great guides that have helped me smoke meats, create rub recipes, etc: http://www.deejayssmokepit.net

Ariel Tseitlin and Yury Izrailevsky from Netflix share their approach to cloud adoption using "Simian Army" suite of tools.
Below are the definition of the various tools Netflix engineers created:

Chaos Monkey, a tool that randomly disables our production instances to make sure we can survive this common type of failure without any customer impact.

Latency Monkey induces artificial delays in our RESTful client-server communication layer to simulate service degradation and measures if upstream services respond appropriately. In addition, by making very large delays, we can simulate a node or even an entire service downtime (and test our ability to survive it) without physically bringing these instances down. This can be particularly useful when testing the fault-tolerance of a new service by simulating the failure of its dependencies, without making these dependencies unavailable to the rest of the system.

Conformity Monkey finds instances that don’t adhere to best-practices and shuts them down. For example, we know that if we find instances that don’t belong to an auto-scaling group, that’s trouble waiting to happen. We shut them down to give the service owner the opportunity to re-launch them properly.

Doctor Monkey taps into health checks that run on each instance as well as monitors other external signs of health (e.g. CPU load) to detect unhealthy instances. Once unhealthy instances are detected, they are removed from service and after giving the service owners time to root-cause the problem, are eventually terminated.

Janitor Monkey ensures that our cloud environment is running free of clutter and waste. It searches for unused resources and disposes of them.

Security Monkey is an extension of Conformity Monkey. It finds security violations or vulnerabilities, such as improperly configured AWS security groups, and terminates the offending instances. It also ensures that all our SSL and DRM certificates are valid and are not coming up for renewal.

10-18 Monkey (short for Localization-Internationalization, or l10n-i18n) detects configuration and run time problems in instances serving customers in multiple geographic regions, using different languages and character sets.

Chaos Gorilla is similar to Chaos Monkey, but simulates an outage of an entire Amazon availability zone. We want to verify that our services automatically re-balance to the functional availability zones without user-visible impact or manual intervention.

I like the approach of the Simian Army to simulate failures and keep systems healthy, responsive, and available.  Two follow-on thoughts:

1. Is the Simian Army a suite of COTS tools, homegrown scripts, or a combination of COTS customized.
2. What are the results of testing and simulation using these tools?

Would be great to see this in a case study format or detailed journal paper.
Entire post (Netflix) - http://techblog.netflix.com/2011/07/netflix-simian-army.html?m=1

American test pilot Chuck Yeager flew the X-1 aircraft, affectionately named "Glamorous Glennis" after his wife on October 14th, 1947.  Yeager's historic flight signaled the first manned flight to break the sound barrier, launching the USA flight program ahead of Britain and Germany.

It was more rocket than plane, developed specifically to fly through the shock waves of the sound barrier, with Yeager as pilot. "About half of the engineers gave us no chance at all of ever successfully flying beyond the speed of sound. They said it's a so-called barrier and the airplane would go out of control or disintegrate, but I didn't look at it that way."

More info @ http://www.youtube.com/watch?v=dke2i-xO1uo

Excerpt from Andy Gravvet's 08-Sept article on GovLoop

Chief Information Officer's Role

The primary role of the CIO is to provide policy direction, maintain the IT infrastructure of the organization, ensure proper security measures are followed, and to evaluate and control capital expenditures to facilitate the portfolio management of the organization. The graphic below illustrates a more detailed list of the functions of the CIO. Clinger-Cohen defines the general responsibilities as follows:

"(1) providing advice and other assistance to the head of the executive agency and other senior management personnel of the executive agency to ensure that information technology is acquired and information resources are managed for the executive agency in a manner that implements the policies and procedures of this division, consistent with chapter 35 of title 44, United States Code, and the priorities established by the head of the executive agency;

(2) developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the executive agency; and

(3) promoting the effective and efficient design and operation of all major information resources management processes for the executive agency, including improvements to work processes of the executive agency."



Chief Technology Officer's Role

The CTO's responsibility is to provide overall awareness of technologies that can be used to advance the mission of the organization. This role is illustrated in the graphic below and the primary functions of the CTO are described below:

• Emerging Technologies - Must be aware of emerging technologies to select the proper capabilities to infuse into the organization
• Market Assessment - Must be prepared to review the market to find technologies that can most efficiently meet the needs of the agency
• External Relationships - Must work closely with government agencies and private industry to ensure that the government's needs are addressed and that the organization is aware of the latest technological innovations
• Evolving Infrastructure - Agency's infrastructure is constantly changing and the CTO must be aware of these changes and bring technologies to the organization to enhance the agency's capabilities
• Transparency - With the current requirement to increase transparency across the government, the CTO must understand the issues surrounding open government and seek technologies that can be used to enhance agency communications with the public
• Security - Must be aware of security issues and what technologies are available to secure the agency's networks, data, and IT assets

Read the full article: http://www.govloop.com/profiles/blogs/the-roles-of-cios-and-ctos

National Institute of Standards and Technology cloud computing standards roadmap released Sept. 13.

Russell Working over @ Ragan.com shares his techniques before responding to those snarky emails.
Instead of a scorched earth policy, try these tips to avoid a "reply-all firefight":

1. Re-Read the original message
2. Pause before sending hostilities
3. Respond in person, by phone
4. No cursing!
5. Chose words carefully
6. Limit emoticons, acronyms
7. Use reply all cautiously

When I get an inbox slam, I often sleep on it before responding. Generally what we think are major episodes, conflicts, or issues don't seem as big the next day. I would also add another step for assessing the value of responding with your own slam. We must think, "to what purpose does this serve? to what end?" Sometimes it's just pride and bruised egos.

Conventional wisdom holds "do not argue with an idiot, people watching [reading] may not be able to tell the difference." Sound advice for limiting a CLM (career limiting move) via email.

Have a great day