Joel Rosenblatt

Director of Computer and Network Security

Columbia University


Using Metrics to Improve Your Security Program – Part 2

Posted on: 08 Jan 2018

In my previous article, I tried to cover why metrics are an important part of your security program and some of my beliefs about how metrics should be created and used. I am often asked about what specific metrics I collect, what metrics are important to my trustees, and how I report on them. I…

Using Metrics to Improve Your Security Program

Posted on: 02 Jan 2018

So…you are responsible for the computer security of your organization. You probably have many great ideas on how to do this. You start looking around for products and services to implement those plans of yours and figure out quickly there are no commercial solutions that fit into your budget. Now what do you do? Enter…

Is Your Next Security Failure One Fat Finger Away?

Posted on: 12 Mar 2017

The first week of March in 2017 will be remembered as the time that AWS (Amazon Web Services) failed. The actual failure was in the Amazon Simple Storage Service (S3), but to the world in general, if your stuff was running in the Amazon cloud, it was not working. Amazon provided a very complete write up…

Hacking the Election – The Emperor’s New Clothes

Posted on: 31 Oct 2016

Normally, I would never talk about politics, and this story will not be an exception. However, the analogy here is too good for me to pass up. Let’s say that we are going into an election. One of the candidates, Mr. T (I pity the fool), has continuously stated that everything has been rigged against…

What Happens When the Virtual World Becomes Real?

Posted on: 18 Aug 2016

I read an interesting article the other day about a talk at DEF CON – Thermostat Ransomware: A Glimpse into the Future of Crime in Cities. It was about how the speakers did a proof of concept of a ransomware infection of a smart thermostat. My first reaction (as a geek) was, “Cool!” Then I started…

Going Down the Slippery Slope

Posted on: 29 Jun 2016

One of the most useful things to me in trying to secure an enterprise like Columbia University is information, and the more information, the better.  This means that for most of the time that I am not in meetings, I sit and read. Most of my input overload comes in the form of emails, approximately…

Security: It’s Not the Speed that Kills

Posted on: 01 Jun 2016

My friend Randy Marchany tweeted a link to an article “Millennials Value Speed Over Security, Says Survey”  that started me thinking about the apparent conflict between speed and security.  If you google “Agile software development,” you will see a Wikipedia page, which extensively covers the topic. “Agile software development is a set of principles for software development in…

It’s the Data, Stupid

Posted on: 10 May 2016

I was looking at Facebook the other day (yes, I know – a security guy that uses Facebook – just wait until you have grandkids) and a scary message appeared at the top of the page. It was the 39-year anniversary of my employment at Columbia University. I have been working in IT for 39…

Security is Not a Thing

Posted on: 06 Apr 2016

This seems to be the time of year that everyone is holding a security conference.  I will be attending eight from January through the end of April (and speaking at four of them.) The interesting thing about most of these meetings is that they are usually sponsored by vendors, who believe that their product or…

First Sharknados, Now Cyber Pathogens – What’s Next?

Posted on: 05 Mar 2016

I guess it’s time to admit that I might be getting older. When will the adults of the world take back the media and create a Bull S*** rating system? We have a rating system for movies: “Rated PG: Parental guidance suggested – some material may not be suitable for children. Rated PG-13: Parents strongly cautioned…