Monday, March 30, 2009

Social Networking (and Media) for Security Professionals - Part Seven - Tie it all Together

Technology is dominated by two types of people: those who understand what they do not manage, and those who manage what they do not understand.
Putt's Law

All this social networking is impressive... There is an uncanny ability to communicate in ways unheard of before, but what does that mean to your everyday life?

I think a core principle to remember is that everyone has different reasons and objectives for social networking in their life. There is no "best way" to do any of this; the trick is finding your stride and keeping on top of your priorities. That being said, it helps to have some guidance. Below I've outlined my basic social networking / media use -- it works for me and maybe you'll get some value from it.

1. Decide your personal / professional balance.
I'll always say there is a great value to merging parts of your personal and professional life. But everyone knows there needs to be a separation point. It's important to decide what social networking mediums you'll use for each early on. Since the privacy settings on most social networking services are controllable, it's easy to filter out your private information.
I know a lot of people who use Facebook for personal use only. If that's your decision, you can either refuse all non-personal friend requests (not as offensive as it sounds, trust me) or set your account up so that all your status updates, activity, pictures, links, etc. can only be viewed by a specific group of people.
LinkedIn is purely professional, so that's a no-brainer. Twitter can be either, or both.
Here's my breakdown:

Twitter - I'm about 65% professional and 35% personal now
Facebook - around 20% professional and 80% personal
Myspace - never use; there are links to my Facebook and LinkedIn profiles on the Myspace page
LinkedIn - 100% professional


2. Define your goals.
My goal for using social networking in my professional life is to share my experience, gain insight, and build a robust network of peers, clients and resources.
I share my experience through this blog, gain insight through following smart people on Twitter and build my network with all three of my core services. True, I also use Twitter to share my experience and help other security professionals, and use other blogs to learn from smart people - it's all interchangeable. My point is - it's easy to be caught up wasting time on things that are valuable on the surface, but distract you from what you should be doing. Defining your goals helps you build your daily methods of use in a way that's beneficial.

If you are a manufacturer or vendor, you can use these tools to keep your clients up to date with news and info that's useful to them. You can scan Twitter to find anyone talking about your product, and communicate with them first hand. For instance, I made a comment about a popular feed reader on Twitter and one of the engineers replied, helping me fix a problem -- how's that for customer service!
Communicating with end users and consultants helps get the word out about your product or service (just don't try to SELL all the time - people will ignore you). Give them value, and interact with them in ways that are beneficial to both.

If you are a consultant or practitioner, you can share valuable information with others and exchange dialogue on current topics. Having first hand access to manufacturers and users is a huge benefit when feeling out opinion, asking about experiences and forming your own opinion. Using these tools to build your network will definitely help broaden your resources and understanding.

If you are an end user, you can get real-time, first hand information on products, services and industry news. You can have a direct line to industry shakers and movers, and discuss the topics that are real in your world.

3. Define your daily methods.
My wife may disagree, but by most accounts I think I balance my on-demand life well. It's easy to get zoned in on the BlackBerry when there is nothing else going on, so it's important to develop ways to process all this information without letting it overtake you.

Twitter - When I'm at work, I have TweetDeck running on my laptop (I run two systems/three screens). It's segmented with columns for security people, local people, replies and direct messages. When I'm on hold, taking a break between tasks, eating a snack, etc., I scroll through the posts to see what's up. I have Twitterberry on my phone and tend to scroll through tweets when I'm sitting in waiting rooms, stuck in traffic, or have a short amount of time with nothing pressing to do. The only alerts that I have routed to my phone (via SMS) are direct messages and specific RSS feeds made from hash tags I'm following closely.
When I post security related information, I try to keep it to interesting articles or breaking news - the kind of thing I'd find interesting or valuable if someone else posted it.
I use Twitpic a lot to post pictures I snap from my camera-phone. Most of these are either of my son, or interesting / funny things I see everyday.

Facebook - I have the Facebook app installed on my BlackBerry and scroll through friends' status messages in the same way as I scroll through Twitter messages.
Since I use status messages for both professional and personal reasons, I use the Selective Twitter Status app to post to both when I want - by including "#fb" on the tweet.
When I post pics they are mostly personal, the kind that friends and family are interested in, but I am often surprised when a professional contact strikes up a conversation after seeing new pics.
I see Facebook as the great bridge between personal and professional life and a unique way to help enhance all my relationships.

LinkedIn - I set up my LinkedIn account in a way that would help define my professional career to people looking for information about me. I did list past employment positions, but not specific duties. You'll see many people set up their profiles just like an online resume. There is nothing wrong with that, but I just choose to keep it at the basics. If someone wants to know more about what I did in a job 15 years ago they can just ask me.

Media - I didn't get a chance to talk about the "media" part in the last segments, but I'll throw it in here for good measure. I use Picasa to share photos with both personal and professional contacts (setting up albums for specific reasons/groups) and Flickr for personal use. I use the entire Google online suite of apps for online sharing, collaboration and storage but that can be a series in itself.

To help keep up with everything, I use a lot of RSS feeds. Just about every social networking or media service provides RSS feeds, customized the way you want them. FriendFeed is the perfect social media aggregator that helps you keep up with all your friends' activities. You don't have to keep up with everyone all the time, but it's helpful to have something like FriendFeed set up with your contacts so you can use it when you want.

I recently made a FriendFeed group called Physical Security Online.
Maybe it's just me, but I believe that social networking should be an open format. You'd think that the security industry learned its lesson with proprietary systems, but I see more and more industry specific social networks pop up. Using open services like Twitter, Facebook and LinkedIn helps tie sister industries together and foster advancement and value for everyone. That doesn't happen with proprietary networks - and they make people have yet another service to stay on top of. There is nothing these closed networks can do that can't be done with the open ones. You can even have password protected groups (LinkedIn / Facebook), rooms (FriendFeed) and maintain control of the information that's public.
To me, these closed networks are either safe wading pools for people to start out in, or captive audiences for someone to cash-in on having a market segment use one service.
The Physical Security Online FriendFeed room is an open network aggregator. I run members' Twitter feeds into the group feed so there is one central RSS feed you can subscribe to and get all the group's updates. Members can post links of interest directly to the feed as well as comment on items posted by others. As an added bonus, the room is a directory of industry people and their social media accounts! You can read more about it here, and visit the room here. To join, just get your FriendFeed profile set up and add your services, then join the group.

Thursday, March 19, 2009

Social Networking (and Media) for Security Professionals - Part Six - Feeds

I probably should have talked about RSS Feeds before tossing the FriendFeed concept out there. Feeds themselves are everywhere, and have changed the way the web works. There's a chance you're already using them even if you don't realize it. Just about every customizable "home" or "start" page now gives you the ability to choose your content. That content is usually delivered to your page via RSS feeds.

RSS stands for Really Simple Syndication, and although it's simple overall - the possibilities are as complex as you want them to be. But basically, the RSS feed takes content from a static location (a website, blog, online photo or file storage, etc) and puts it in a form that can be subscribed to, and can be broadcast to all subscribers.

Before newspapers, you'd have to go to each source (author of each story) to get your information. Someone had the great idea to put all that information in one place, and deliver it to you every day. Can you imagine trying to keep up with situations or events by checking with every source, and then seeing a newspaper for the first time?
After that, it seems like a huge waste of time doing it the old way.
Just like now, going to websites is a huge waste of time.

So, from here you can take your feeds and have them routed to the interface of your choosing (cut and paste the link URL). There are software feed readers, online feed readers, widgets and gadgets that can customize your content delivery in a way that works for you. I use multiple resources to get the RSS feeds that I keep up with because some of them are more important than others. Some of the content I monitor is important enough for me to be physically notified if there is something new or something that meets predetermined criteria. Other content that I care about is put in a place that I can easily go through, share with others and comment on.
Most web content is available in RSS form now. In fact, if you didn't already know about them you were probably wondering what that little orange square with the volume sign was supposed to mean. Just take a look at your favorite sites to find RSS links, not only the news sites and blogs but wherever you put your online pictures, files and just about everything else.
From a security perspective, I'd like to see access control, alarm monitoring and even video systems run RSS feeds along with their usual reporting output. That way, on the operational side you could easily take advantage of existing feed management services to get the information you need, where you need it and when. What would you rather do, install proprietary software on your BlackBerry or use an existing feed reader service to handle your feeds? (Don't worry - you can make RSS feeds secure with username/passwords.)
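
As an added illustration of the idea above (this is not code from the original post or from any access control product), the sketch below publishes constructed access control events as an RSS 2.0 feed and then reads it back the way a feed reader would, flagging only new items that meet predetermined criteria. The event fields, category names and channel URL are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from email.utils import format_datetime

# Constructed sample events; field names and values are assumptions.
EVENTS = [
    {"id": "evt-1001", "type": "access-granted", "door": "Lobby East",
     "time": datetime(2009, 3, 19, 8, 2, tzinfo=timezone.utc),
     "detail": "Badge 0417 admitted"},
    {"id": "evt-1002", "type": "door-forced", "door": "Server Room",
     "time": datetime(2009, 3, 19, 23, 41, tzinfo=timezone.utc),
     "detail": "Door opened without a valid card read"},
    {"id": "evt-1003", "type": "access-denied", "door": "Server Room",
     "time": datetime(2009, 3, 19, 23, 43, tzinfo=timezone.utc),
     "detail": "Badge <unreadable> presented, denied"},
]

# The "predetermined criteria": event types worth a notification.
ALERT_CATEGORIES = {"door-forced", "access-denied"}


def build_feed(events, title, link):
    """Render events as an RSS 2.0 document (returned as a string)."""
    rss = ET.Element("rss", version="2.0")
    channel = ET.SubElement(rss, "channel")
    ET.SubElement(channel, "title").text = title
    ET.SubElement(channel, "link").text = link
    ET.SubElement(channel, "description").text = "Access control event log"
    for ev in events:
        item = ET.SubElement(channel, "item")
        ET.SubElement(item, "title").text = f"{ev['type']}: {ev['door']}"
        # Event text is set as element text, so characters such as
        # '<' are escaped and cannot be read as markup by a feed reader.
        ET.SubElement(item, "description").text = ev["detail"]
        ET.SubElement(item, "category").text = ev["type"]
        # RSS 2.0 expects RFC 822 style dates.
        ET.SubElement(item, "pubDate").text = format_datetime(ev["time"])
        # A stable, unique guid lets readers tell new items from old ones.
        guid = ET.SubElement(item, "guid", isPermaLink="false")
        guid.text = ev["id"]
    return ET.tostring(rss, encoding="unicode")


def new_alerts(feed_xml, seen_guids, categories=ALERT_CATEGORIES):
    """Return (guid, title, description) for unseen items in an alert category.

    seen_guids is updated in place so repeated polls do not re-alert.
    The feed parsed here is one we generated ourselves; a feed from an
    untrusted source should go through a hardened XML parser instead.
    """
    root = ET.fromstring(feed_xml)
    alerts = []
    for item in root.iterfind("./channel/item"):
        guid = item.findtext("guid")
        if guid in seen_guids:
            continue
        seen_guids.add(guid)
        if item.findtext("category") in categories:
            alerts.append((guid, item.findtext("title"),
                           item.findtext("description")))
    return alerts


if __name__ == "__main__":
    # The URL is a placeholder, not a real system.
    feed = build_feed(EVENTS, "Building A access events",
                      "https://acs.example.invalid/feed")
    seen = set()
    for guid, title, detail in new_alerts(feed, seen):
        print(f"ALERT {guid} {title} - {detail}")
    print("second poll:", new_alerts(feed, seen))
```

Serving the feed over HTTPS behind the username/password mentioned above is a transport step and is not shown here.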
FriendFeed is a service that takes all the RSS feeds published by your social networking and media sites, then aggregates them - publishing one combined feed. But that's not all, FriendFeed itself has become something of a social networking site because you can subscribe to other users' feeds through their interface. In fact, you can subscribe to a feed comprised of feeds, comprised of your friends' content. They even let you create "rooms" that can be shared with like-minded individuals. You can automatically publish feeds in that room if it fits the group's interests, or users can specifically add items the rest of the group would find interesting. That member list becomes a directory where you can find other members' other social networking account info.
That was the idea behind the Physical Security Online room in FriendFeed.

Tuesday, March 17, 2009

New Social Networking Directory for Security Professionals (FriendFeed)

FriendFeed - Physical Security Online room

After making it to the fourth part of the Social Networking for Security Professionals series, it was clear that we needed some kind of directory. There is a pretty robust group of physical security pros that are now using social networking services, and it would be great to have a one-stop location to find them on each service.

I looked at Wikis, LinkedIn Groups, Facebook Groups and others, but I think in a lot of ways FriendFeed's Rooms feature was custom made for this kind of thing. 

FriendFeed is a social media aggregator. Once you set up your account, and plug in all the social media accounts you want to share, it creates a custom "feed" for you. (Note: FriendFeed can handle almost EVERY kind of social media or network. You can have your FriendFeed include all your accounts, or just the ones you feel comfortable sharing. For instance, I share my Blog, Twitter, LinkedIn and a few others but I do not list my online photos (Flickr, Picasa).) For all intents and purposes, when we say "feed" we are referring to an RSS feed (which we will go into detail about in the next post of the series). But for our purposes now we can say that a feed is the best way to take a list of items (blog posts, tweets, status updates, posted pictures, etc.) and make them available for use through other sites, services or readers. For instance, I join a lot of social networking sites that I'm not active in, and have no intention of interacting with on a daily basis. But since I can plug in the RSS feed for my blog, anyone checking out my profile at that networking site sees up to date information. I can just set it up and forget it.

What makes FriendFeed unique is that it takes all the feeds from your networks and puts them in one place. You can "friend" people just like the other networking sites but with FriendFeed, you're not just subscribing to one of their networks - you've got them all in one place. On your home page view, all your friends' feed items are posted in chronological order. Now, since many of us use services that post to multiple networks there are a lot of repetitive posts but that's normal. There are other services out there that do this kind of thing, but FriendFeed has been sort of established as the standard and is the most interoperable of the bunch.
And that's the key. Sure, we can make our own social networking sites 'till the cows come home but that would be one more network to keep up with instead of using existing networks and FriendFeed to tie it all together. 


Essentially, you could just subscribe to that feed (your home view feed) in Google Reader or another feed reader and keep up with everyone across all their networks instead of one at a time. And with this Physical Security Online Room feed - you can do the same thing. 

FriendFeed's Room feature is a way for like-minded users to connect, share relevant information and network. We can have specific blogs or accounts post directly to that room list automatically or share specific things manually.


Right now - it's set up with the RTP PhySec blog posts to automatically run on the home feed, and the Twitter account for RTP PhySec which I run amber alert and other crime alerts through. 
If you'd like your blog listed automatically, just let me know. You'll need to have an RSS feed for your blog - just get me that URL or point me to it and I'll add it.

You can also put a bookmarklet on your toolbar (or a bookmark) to easily share things to that room.

When you're browsing online, and see something you'd like to share with the group, you can hit that bookmark to pull up this interface:
You can choose which room to post the item to, what to call it and post a comment as well. For icing on the cake you can select an image to go with the post. 
Once members of the room join up, we'll have the directory under the "members" tab. From there you can click on a member to go to their homepage (not filtered to that specific room) or their posts in the Physical Security Online room. Each member's social networks are listed on their home page.


Monday, March 16, 2009

Social Networking (and Media) for Security Professionals - Part Four - LinkedIn

As far as social networking sites go, I see LinkedIn as the professional hub of that universe. It may not end up being a part of your daily online life, but it should definitely serve as the constant foundation for anything business related you do online. 

Think of it this way: you may not be looking for a new job, or beating prospective clients' doors down, but in this day and age of due diligence you can bet you're being checked out. Especially in the security industry where it pays to make sure you know exactly who you are talking to in any professional exchange.

Listing details about yourself and your professional history are definitely the sore spots most security professionals have in using something like LinkedIn. We've been living under the view that we should keep information like that close to the chest, and reveal it only when necessary. 
Yes, it's true, there is a certain vulnerability you expose by listing your professional history - but it's nothing you can't mitigate by carefully thinking through the extent of information you release and the context you put it in. 

Overall, this contributes to my view that social networking can make the workplace and professional relationships more honest and transparent. This is beneficial to the reputable, honest professionals and an obstacle to the rest. 

LinkedIn is set up like Facebook in a lot of ways - in fact - you can think of it as the Facebook of business. You enter information about yourself,  and get linked to others you know or associate with. You have a home view that lets you see what all your contacts are up to, and you can interact through "Q&A", status messages, groups and other tools. 

Getting started, you can post as much or as little information as you'd like to your profile. It's always a good idea (with any social networking site) to look around and get ideas from people you trust before you set up your profile completely (I probably should have mentioned that when I was talking about Facebook and Twitter). 
Basically, your profile should be a thumbnail of your professional life. Someone reading your profile should be able to know about your experience, education and professional career. Some people post full-on resumes as profiles, not that I recommend that but I do suggest a brief overview. 

LinkedIn gives you granular control of what you want listed on your profile, or how much information the general public can see on your "public profile".
Your "public profile" is what's visible to non-LinkedIn users or people outside your network. The way they figure out your network is anyone within 2 degrees of your contacts (a friend of a friend). To me, that's a good way to handle the basic privacy issues because it filters out people totally unrelated but still allows for some freedom in finding people you may not be directly associated with. 

Also like Facebook, LinkedIn uses groups to help people with similar interests and professional fields communicate and collaborate. For instance, I belong to the ASIS International Group which has over 2,319 members. Through that group, members can ask and answer questions, post news stories (or blog posts) and even post and find jobs. 

But unlike Facebook, LinkedIn gives you business related tools such as the ability to write a professional reference for someone or other members can write one for you. Some people use these like crazy and others rarely do - but the standard adage applies - you get what you receive (if you want recommendations, write them for other people). You can choose to display your references on your profile or not - even list the ones you write or not. 

I use LinkedIn as my standard professional networking platform, not with almost daily interactions like Twitter or even weekly like Facebook. Although I could update my LinkedIn status along with the other two - I choose not to. Not that I have any specific reason, but I just don't see LinkedIn in that light for my own personal interactions with the service. I do look people up in LinkedIn after I meet them in conferences or other professional functions and ask them to join my network. And when I run into a situation where it would be helpful to talk to people from a specific industry, field or company it helps to look through your LinkedIn contacts. 

There have been some valuable connections I've made through LinkedIn, but I'll be the first to admit I don't use all of its tools. I think that it's the kind of thing that you should definitely join and set up for sustained use, then see where it takes you. One thing I recommend when you're setting your profile up is to use a picture. It used to be a little narcissistic to put a face shot on your resume, but that thinking is long gone. In fact, most serious job hunters have an online resume posted somewhere that's available to recruiters and LinkedIn works even better than that.

Most social and networking sites give you a way to easily direct people to your page/profile/account on their service. I didn't list this under Facebook or Twitter even though you can (click them to go there) - but I do talk about it for LinkedIn because it's a great idea to put this "badge" on your blog or website. It gives professional contacts a way to find out more about you and connect with you in more ways than they may originally think. 

View Shawn Flaugher's profile on LinkedIn


I've been looking into the best way for us all to share social network info with each other, and have the ability for everyone to update their own listings without resorting to a specific industry website. I checked out the groups in LinkedIn - but they don't have a very usable way for group members to add themselves to a list with categories for the different social networking accounts. Facebook has more enhanced group options but since some people would rather not use Facebook for professional networking that's out. This may end up being an open spreadsheet that I'd give members access to. If anyone has any ideas - let me know!

Here are some security professionals who use LinkedIn. There are many many more, but I only contacted specific people that I know use social networking. If you want to be added - let me know. Like I said above - soon I hope to have a more complete social networking matrix. 

Friday, March 13, 2009

Social Networking (and Media) for Security Professionals - Part Three - Twitter

Hype is part of the online world, and Twitter has probably been hyped more than any social networking app in recent history. With a huge amount of buzz around it but a small amount of people who "get it", it was destined to be the next big thing that was (and still is) referenced in mainstream media as an example of new media that only the hip kids "get". 

I hate that. 

You've got to put all that hype and buzz to the side and look at Twitter for yourself to get anything out of it. And even then it's not the kind of thing that's easy to wrap your head around overnight. 

One of the most repeated statements I hear about Twitter is: "at first, I thought it was pretty stupid - who cares about what I'm doing right now?" and that's exactly what I was thinking as well. But you have to think about why different groups of people may be interested in what you've got going on at any given time.

I'm not trying to write the comprehensive Twitter guide here, just documenting the same information I give my friends in the security industry when we talk about Twitter. 

Friends
In a way, Twitter is about re-approaching your existing methods of communication and the ways you keep up with the people and things you care about. Currently, you have some idea what your friends are up to. 
From talking on the phone to hanging out around the water cooler to email or chat, you already have SOME form of communication.

I don't know about you, but it's extremely difficult for me to take advantage of those forms of communication anymore. So - instead of each friend specifically reaching out to the other and having to replicate that effort with other friends, Twitter gives you another option.
You post what you'd like to share when it happens or when you can, and your friends receive that at a time that's convenient to them.

Professional
Just like Twitter changes the way you communicate with your friends, it can enhance the way your professional network interacts as well. Posting a quick observation on an industry topic is easy - and believe it or not people want to see it. I follow people that are movers and shakers in their respective industries and gain a lot of insight by browsing their posts. The key is to find people who either post information or are part of something that is of value to you. 

I follow people from my own industry, sister industries and local industries that have nothing to do with my field. I've made valuable contacts through Twitter that would be impossible otherwise. 

Local
The Raleigh - Durham area (Research Triangle Park) has a tremendous network of people who use Twitter. We've even got some folks that are superstars in the twitter-verse like @waynesutton.
In addition to all of that, there are innovative people who use Twitter among other things and come up with brilliant online ideas like 30Threads (@30THREADS).
Use tools like the ones found on the TriangleTweetup website to search your regional area for useful groups, people and events. 

Day to Day
Twitter is a very bare-bones concept, and relies on 3rd party apps to provide specific features that individuals want. You can spend months going through 3rd party apps to find ones that work for you, but I'll list the ones I use for you later in the post.

All the tweets (posts) from people you follow come to you in your friends' timeline in chronological order. This can be overwhelming to say the least, but you're not expected to read every post. There is a way to make sure you know if someone wants you to see something specific: they put the "@" symbol before your username. If they do that, the message will show up in your replies list. You can also filter out @/reply conversations between other people in your settings. If you want to see all replies - you see all conversations between your friends and whoever they reply to. You can choose to see only replies between friends you have or no replies at all (unless they are to you - then they go to your replies list).

Confused yet? It's not as bad as it seems. 

There is also a way to share private messages with other users - if you put the letter "D" in front of the message it's treated as a direct message that only goes to the person you're sending it to. You can choose to have replies and direct messages sent to your email or even sent via SMS message to your phone. You can even choose to have specific people's tweets sent to your phone if you want, but I only recommend that in unique cases. 

I usually end up posting things I find interesting, funny or could be of value to my contacts. My last three posts are about my 5 year old son walking around the house singing "Benny and the Jets" to himself, how PETA is trying to make Duke Medical Center stop serving meat to patients, and letting people know I posted last night's Part 2 of this series.

The same thing applies to all status messages - don't try to SELL products, ideas or anything else. You have to give your network value, either from a personal friendship level, professional or even valuable information about your regional area (traffic alerts, news alerts, etc). 
There's nothing wrong with letting people know you have a new product, one of your products got an award, you have a new blog post or any other kind of self promotion as long as it's balanced with value and interesting to your network. But your network is also interested to know what problems you're facing as you are developing a new product or service, what you're working on and what kind of lessons you've learned in the process. 

Big note here - as security industry people - everything we do online should be filtered in a way so we are not compromising our integrity. It's not cool to talk about a lunch meeting you are having with a prospective client in most cases or specifics about new technologies if there are intellectual property factors. You wouldn't want your lead engineer tweeting about how he's found a way to compress video that puts your company ahead of the pack, right? Keep this kind of thing in mind and always remember that whatever you post in any kind of status message should be considered public information.
If your company supports the use of social networking and media - develop a policy to cover it and include the do's and do not's clearly. There are awesome benefits to using social networking but the dangers are very real as well. 

Does some of this sound familiar? Tweets can be a lot like your Facebook status messages, and there's no reason they can't be. There are many ways to broadcast your status message to multiple networks and I'll include my favorites in the next section.


Helper Services: 
Here are some of the top reasons to use helper services for Twitter - 
1. IM (or chat) style interface where you keep a little window up on your computer and see everyone's tweets. 
2. Spellcheck
3. Easy icon based ways to reply to people (@), send them a direct message (D), Re-tweet their message (RT) - forwarding their tweet to your network
4. Shorten long URLs so that your posts stay under the character limit. - if you want to list a link to an article, blog post or other item the URL is usually pretty long, there are numerous services that take that link and shrink it down for you
5. Post to multiple status messages on multiple networks at the same time (same status message on Facebook, Twitter, LinkedIn, etc.)

Twirl is a nifty little app that gives you most of the features above
Tweetdeck does too - but also lets you make lists out of your network so you can organize the people you want to keep up with in categories (i.e. friends, professional, local)
Hellotxt and Ping.fm let you post to multiple networks at the same time
Bit.ly is my favorite URL shortener service - it tracks stats on your shortened URL use and even lets you post to Twitter from their page. 
Selective Twitter Status is a way to update both your Twitter and Facebook status just by using the "#fb" hashtag on your tweet... what's that? I didn't get into hashtags yet? They are just a good way to track a topic because searching for the topic with the "#" symbol in front of it screens out the stuff you don't want.



Security Industry People On Twitter:
If I've missed you - let me know and I'll get an updated list out

@brachlin - Bret Rachlin
@BtheDean - Brian Dean
@CampusSecurity - Campus Security at Queen's University
@chelsiewoods - Chelsie Woods
@dremeda - Andres Armeda
@idmachines - Salvatore D'Agostino
@info4security - Anthony Hilderbrand
@RTPPhysec - This Blog's
@Sam_Pfeifle - Sam Pheifle
@SDNEditor - Rhianna Daniels
@shawnf - Shawn Flaugher (me)
@stevesurf - Steve Surfaro
@Steve_Hunt - Steve Hunt
@thesteverussell - Steve Russell
@trbuckley - Tom Buckley

Wednesday, March 11, 2009

Social Networking (and Media) for Security Professionals - Part Two - Facebook

Introduction Continued

Whether you intend to use it or not, it's a good idea to join social networking sites just to "grab" your name. Social networking is all about branding yourself and believe it or not, there are people out there who try to "grab" user names for a number of reasons: because they think it would benefit their cause to spread misinformation - or even to sell it to you if you want it bad enough. But mostly it's a good idea because you don't know if you'll end up wanting to use the service or not, and it's better to stick with one user name across all services to avoid confusion. This - and many other things with social media - may seem narcissistic at first but there are other reasons. In social media it's common for users to refer to one another by user names with the "@" symbol in front of it. This is because, on Twitter - it's how you let someone know you are talking to them or want them specifically to see your post or comment. If the system sees your user name with the "@" symbol in front, it labels it as a "reply" which you can set up alerts for or get forwarded to your email. Many people (myself included) set up Google Alerts for their user names with the "@" symbol in front of it to see when it's used anywhere online. That way - if someone comments on a Flickr image, blog comment, or just about any other form and refers to you - you'll know.

In addition to the major networks I listed yesterday, there are many other helper services that make it easy to integrate social networks' features. When I say many - I mean a TON, and when I say easy to integrate - some are more usable than others. I don't claim to know the best ones out there and different people like different features, but I'll try to include the helper services that apply to the networks as I go over them.

I've got some great feedback after yesterday's post and thank everyone who contacted me.
As I suspected, my security contacts gladly share their user names to some networks but would rather not broadcast others. Most of us have networks we use for more of one side of our lives than the other and it's tricky to balance it all. For instance, I gladly share my LinkedIn info with anyone who wants it but I'm a lot more selective with Facebook. So don't be surprised if there's not a long list (or any) security related Facebook users listed after that section. 

Facebook: 
I consider this one of the most influential social networking sites out there. Facebook has the power to reunite people with friends from the past - or unite people that have never met in more ways than ever before. But it also has the power to let people you'd rather not have anything to do with find you and possibly peek into your life from afar.

The great thing about Facebook when it comes to security is that it's set up in specific "networks". There are basic networks for regional users - but it's the specific company and school networks that bring the feature to life. For instance, you can join the Harvard University network if you have a "Harvard.edu" email address and can answer an email to that address to prove it. 

Information that you share can be filtered to a very specific level - so you can share more personal information with your specific corporate or academic network and basic information with your regional network. But even with all this filtering, it's a good idea to be careful not to post information that can be used against you. Since you have no control over what some people may do with images you post - even if they are your friends - try not to have license plate numbers, house numbers or other sensitive info included.

A feature from Facebook that's replicated across the board with other social networking sites is the home page concept. When you go to your home page, you see all the activity from the people you have "friend-ed" (to be a "friend" both of you must agree to "friend" each other). 
Although there are a lot of fluff-apps available for Facebook, you don't have to participate in them if you don't want to and no-one holds it against you. For instance - a friend may "throw a snowball" at you and you can have a "snowball fight" if you agree to install that specific "snowball fight" app to your profile. Most of it is harmless fun. 

Another Facebook feature that is a key part of most other social networks is the status message. You can update your status message with whatever you are doing or want your friends to know, and they see it whenever they go to their home page or browse friends' status messages over a mobile device. You can update your status message from anywhere, which makes it an ideal way to broadcast information to people you care about. This is used by some to broadcast every detail of their life; others constantly use it as a sales tool. I suggest posting status messages that you think people who care about you would enjoy knowing or should know.

Personally, Facebook bridges the gap for me and encompasses both my personal and professional life. It's the fastest way for me to share things I think are important with the people I care about and I can easily filter who can see what. My personal friends have to put up with my status message updates about the security industry and my professional friends have to put up with updates about my son, but if any of them get tired of it they can "see less" of my status updates on their home pages. But you'd be surprised how many times professional contacts grab me after meetings or stop by to talk about personal topics (from what they have seen on one of my status messages). Or even personal friends who find the professional information they get useful at some point in their career. Take note if you are in the market to develop business: If you manage to post professional info on your status messages without your friends tuning you out - eventually they will run across a need for your services or know someone they'd like to refer you to. I don't have to tell you that personal references sometimes net the best business relationships.

If you are involved in higher education or even high school education, Facebook is a must. But one word of caution on this and all social media - no-one likes someone who uses social media as an obvious sales tool with no personal interactions. That could mean selling a product - or an idea - no matter how important that idea is to you. Take note if you try to keep students safe: If you are constantly using Facebook to preach safety and security to students - you won't get very far. But if you provide useful security information to the students (or staff members), like crime alerts, or post useful articles that they can visit, it can be extremely effective. In fact - students have even expressed to me that they'd use a Facebook app that would give them crime alerts and let them submit reports of suspicious activity through Facebook. This already exists for some institutions with varying degrees of success. (Spotcrime, GMP Updates)

Wish there was a way to hype up your cause or business on Facebook without pissing everyone off? There is - "Pages" and "Groups" are there to let you get the word out and offer other users the ability to subscribe to updates you post to the "Page" or "Group" so they get your real-time updates that way.

In conclusion, I definitely suggest using Facebook. Just be careful about it and proceed slowly, finding how it will work best for you. There's no harm in building a network of both personal and professional clients as long as you are not trying to use it to convince anyone of anything.

Helper Services:
Since the Status Message is such an integral part of social networking, many Helper Services have sprung up to help you post to multiple networks from one place. For instance, if you use Facebook, Twitter and other networks and would like to use the same status message to update each, you can use a service like Ping.fm or HelloTxt.
You can even filter messages based on network groups you set up. That way if you've got networks you use for personal or professional reasons only - you can update status messages for each group separately. 

Tuesday, March 10, 2009

Social Networking (and Media) for Security Professionals - Part One

There is an inherent conflict between physical security concepts and the basic theme of most social networking services. For the average user the conflict is minimal, but for security professionals it can feel almost unnatural to share information about ourselves in that kind of medium. 

Facebook, LinkedIn, Twitter and other services are amazing tools for social and professional networking. But, like most tools, the benefit you get out of them has a lot to do with what you put into them. That includes a degree of personal information, and for many - an uncomfortable trip into the uncharted waters between your personal and professional life.

In a lot of ways, this is the same difficult learning process people over the age of 30 are going through as "friend lists" start shifting from mostly personal relationships and a few professional friends to a more balanced mix of personal and professional contacts. At some point, they have to find the happy medium where they can get the valuable benefits of being candid - without risking safety or professional status. 

Looking at this from a global perspective, I think social media, networking and Web 2.0 in general could bring about an important change in the corporate landscape. People will learn how to fuse professional and personal relationships in ways that were unheard of before. The end result should be refreshing honesty and candor bleeding into what most people consider a huge rift between the two worlds. 

In the security field, we are constantly warning people about publishing sensitive information that can be used against them. We've all seen cases of cyber-stalking and harassment but worry about more serious crimes against our clients/staff/friends. Of course there are security features available and privacy partitions between what you'd like to be public and private information. But since most people don't understand how these things work, they are not always used properly - and sometimes not at all.

I've pulled together some observations on a few of the popular mediums. Being a shade-tree sociologist and old-school technology geek I've checked into many of the services out there. Being a security professional, I've applied that point of view to hopefully come up with information that's useful to other security professionals. Starting with Facebook, I soon realized there is no way to cover everything in one post (at least one that can be absorbed in one sitting). So, this will be a multi-part piece so I can focus on each piece and drill down on the good stuff. It also gives readers a chance to chime in with any thoughts or requests for specific networks or services. 

And as a bonus, I've reached out to my contacts in the security industry who participate in social media to ask if they would mind if I listed their accounts as part of this total series. Hopefully, after I cover a service I will be able to list some security professionals who use it as well. If you'd like to be listed, let me know.

If all goes well, it should look like this: 

Part #2 - Facebook and Myspace
Part #3 - Twitter
Part #4 - LinkedIn
Part #5 - Social Media and Cloud Computing 

Another Activist Firebombing, UCLA Stepping Up Protection

On the heels of some significant progress, we are reminded that the danger is still out there.
Just a few weeks ago, activists were arrested for their roles in incidents against UC Berkeley and UC Santa Cruz researchers.

Just a few days ago (March 7th), a vehicle owned by a UCLA professor and neuroscientist was firebombed outside his residence. There were no injuries reported, but the Animal Liberation Front (ALF) claimed responsibility for the attack on their website March 7th.

The LA Times is reporting that a Joint Terrorism Task Force will be investigating the incident, made up of the FBI, LAPD, LAFD, UCPD and the ATF.

I'm hoping that the momentum started by the February arrests is used to swiftly investigate last weekend's firebombing and the responsible parties are arrested.

UCLA is offering a $25,000 reward for information leading to the arrest and conviction of anyone involved, which brings the combined total to $445,000 (including funds put up by others in the joint task force).
That is a great measure by the university, and certainly helps to bring information in - but I'm also relieved to hear of other measures the school is putting in place as well.

The Daily Bruin is reporting that the increased protective measures include the UCPD organizing patrols in the neighborhoods of targeted researchers, security officers placed at some of the researchers' homes and enhanced security systems. Just to be clear, that article was published on the 2nd and this most recent firebombing occurred on the 7th.

A lot of educational institutions are slow to take these kinds of steps because it's difficult to standardize as-needed protection. Universities can make a lot of enemies for many different reasons, especially if they promote groundbreaking research or support controversial ideas.
In a perfect world, the dangers faced by researchers, professors and other fixtures of higher education would be mitigated across the board by comprehensive security policies and protective measures. But unfortunately, the higher education environment is usually ultra sensitive to any security measure, and is easily frustrated with what they see as roadblocks to the free exchange of thought and ideas.

It's the terrible nature of our profession to sometimes only see progress and support for what we recommend in the wake of tragedy. It took shootings like Virginia Tech and Columbine for many people to take the active shooter threat seriously, and although the dangers faced by researchers are a much more specific case altogether, a lot of the same obstacles to progress apply. I applaud the UCLA administration for taking these steps.

Wednesday, March 4, 2009

The Usual Suspects

It's common for me to talk to clinical staff about how they handle unauthorized access to their wards. Unfortunately, one of the most common phrases I hear is: "we question anyone who looks out of place".




Now granted - you should approach people who look out of place, but clinical staff members need to understand how dangerously inadequate that line of thinking is.

Case in point? - The recent infant abduction in Santa Barbara.  

Turns out that the abductor was dressed like a nurse, or nursing student and fit very well into what anyone would expect a normal staff member to look like. The infant's mother even handed the child over to the abductor - thinking there was nothing out of the ordinary.

Leianna Arzate is the suspect in question, and to me - would not raise any eyebrows whatsoever in a pediatric ward, especially if she was dressed like a nurse.



I'm not familiar with how the Santa Barbara Cottage Hospital handles security policy and procedure, but there are a few no-brainer ways to significantly mitigate the threat of infant abductions and help staff members keep tabs on who is where in the wards.

Visible ID badges should be a standard in any clinical environment. They allow anyone to quickly verify someone's name/image/title and other information just by looking at an ID badge displayed above waist level.

Color-coded ID holders, scrubs or other items of equipment are a great way to help staff sort out who is who quickly. You can give your pediatric staff one unique style of scrubs (that can't be found "off the shelf") and make it difficult for someone to look just like everyone else. You can also issue ID lanyards of a specific color or style for the same reason. With a little creativity you can come up with a system that's difficult for an outsider to detect but still effective for staff members to use every day.

It should go without saying - but a strong visitor access control policy should be the cornerstone of any security plan in this environment. If you're controlling entry to the space, categorizing visitors and making them easy to identify - you're setting the groundwork for every other tool that can be added or tweaked to achieve the best fit for your staff.

Just skimming the surface here, but I felt it would be a good thing to share. I'm always writing / working on this kind of topic so feel free to let me know if it's something you'd like to see more of.