Here's a thought... go into a Starbucks or a security conference and listen for all the sounds coming from the electronic devices being used by everyone. There are some great clues there.

Does it still make sense to use Firefox?

I have talked about this in the past, and I will continue to do so. A security product does not equal a good security posture.

A man accused of downloading child pornography has been cleared after hiring his own computer forensic expert. Question: Why didn't the prosecutor do the same thing??

Michigan has a bill in the Senate that would require computer technicians to report any child pornography they find on client computers during the normal course of their work.

Thinking about wearing your cool new Transformers t-shirt on a plane? If Optimus is holding a gun, think again.

Security seems to be getting boring now days. Is that a good thing or a bad thing? Ask your CIO.

So are you getting excited about a nice, long weekend for Memorial Day? Well, before you start cooking hot dogs and hamburgers, start thinking about putting procedures in place for you to be contacted if there is a security problem.

Professional social networking sites are great for your career. but don't forget that PEOPLE hire PEOPLE. Don't rule out using other social networking sites for your career as well.

Are you the uber-geek at your job who holds all the pieces of the network and security together? If so, do you ever wonder where the vendors are that used to cater to you? Hint: they're talking to your boss.

Are you looking for a solution to your security problem? If so, try looking at the whole picture rather than a particular technology.

Just because there is a law on the books does not mean you should start trusting that your private information is safe.

What happens when you stop securing your network at the level of compliance to a regulation? Ask Hannaford. And that is why I wanted to pull my hair out (if I had any) when I met with a client today doing the same thing.

Some people are still getting the terms mixed up for penetration tests, audit, assessments, etc. In informal company, sometimes that is OK, but when you are asking someone to do some work, the terms need to be defined well.

Some people think that security awareness is an exercise in futility. I think it is an important layer in security-in-depth, especially when dealing with the spear phishing that is going on these days.