On Thursday, November 20th, 2014, Macbrained organized a meet-up at Salesforce. This was the first of its kind for the community. We decided to host two panels: Security & General I.T.
Our Security Panel featured:
- Leo Kermes, CISSP, GIAC, ISSP, ISSO – Principal Security Architect, Salesforce
- Justin Wilson, CISSP – Lead Systems Administrator, Lookout
- Charmaine Wilson, CIA, CISA – Senior Manager, Deloitte
- Mike Dodge – Client Platform Engineer, Facebook
- Jeff Strauss – Senior Client Engineer, Twitter
Security has been a hot topic over the last few years. Many I.T. administrators are curious how other organizations handle OS X security within their environments. Macbrained queried the community for questions on these topics. Many people wanted the same questions answered, mostly about passwords, AV, and certificate management. Our panel answered a few of our Google Moderator questions:
- AV software on a Mac: is it there for legit reasons, or just for compliance?
- What are the top security threats for OS X right now?
- Binary whitelisting is becoming a thing on OS X. Rolling it to a Mac user base is likely to cause bigger waves than a Windows-based user base that is used to having restricted rights etc. Anyone have a plan?
- Password rotation: what are your policies? Certificate deployment/rotation, using SCEP or other methods, and what services are you deploying certificates for? How often do you rotate them, and is it actually working?
Some of the answers provided by our panel were:
- AV is installed on most systems, but for compliance. “Compliance is a hot topic and having tools in place letting people know assets are protected.”
- Top Threats – Java web plugin
- Binary Whitelisting – People are beginning to take a look at Google’s new open-source tool, Santa.
- Password Rotation –
  - 90 days seems to be the average number of days before a password expires.
  - Fewer password changes with stronger password requirements.
  - Behavior is the key to password management.
  - 2-factor auth needs to start being utilized on a more frequent basis.
This panel was a hot topic that many were interested in. We could have spent the entire meet-up on this topic; however, we transitioned to General I.T. halfway through the event. Our General I.T. panel featured:
- Luke Robles – Client Platform Engineer, Facebook
- Waylon Janowiak – I.T. Manager, Optimizely
- Gage Beauchemin – Enterprise Services Manager, The Linde Group
- Nick McSpadden – Client Systems Manager, Schools of the Sacred Heart
- Jeff Kendrick – Sr. Manager I.T., Salesforce
Some questions from our Google Moderator were:
- 10.10 and OS updates. What were the steps you took to roll out 10.10? Were you able to roll 10.10 out when it was released? Please explain your “plan of attack” for 10.10. Is this the plan you followed when Mavericks came out?
- What tools are you using to track corporate software licenses?
- Do you find yourself writing a lot of code or are you able to do the work you need with the solution written by others? Do you think code writing skills are helpful for the work you do?
Here are some of the responses:
- Regarding 10.10 and OS updates – Munki, Casper, createOSXInstallPkg, First Boot Package Generator tool.
- Tracking software licenses – Snipe and Casper.
- On the topic of coding –
  - “Months of programming could save you hours of time.”
  - Remedial coding is better than no coding. Fundamental knowledge of coding will just strengthen your cause.
  - There is a time to code and there is a time to lean on the community.
Both panels provided quality feedback to the questions asked by the community. They were informative and gave a good overview to the community.
We want to thank all the panelists who participated. If you search the hashtag #askmacbrained on Twitter, you can find all the posts from our Salesforce meet-up. We will be posting extra questions on our website for anyone in the community to answer.
We look forward to seeing you on the forums and at our next meet-up.