Skip navigation

The current uptake in high performance computing means mostly good things, but it also comes with a few built-in challenges. The paradox of this particular progress is this: when you scale hardware, you oftentimes scale power consumption, right along with it. My colleague, Shesha Krishnapura, a senior principal engineer from Intel IT Core Systems Engineering group, has some good news to share, in this podcast speaking with

The Register’s

Tim Phillips. Shesha says that “In the past, that power relationship has existed. But with Intel’s core microarchitecture  based platform, the power  envelop has remained constant while performance has climbed significantly.”


Check out Shesha’s podcast below.



Measuring the value of information security programs is difficult and a problem for the entire industry. Come join us for a 3 part series discussing the challenges, how Intel is taking a practical approach, and where the future may take information security metrics.


Last week, Matthew Rosenquist & I discussed why measuring ROSI is important, and the very difficult challenges in doing so.  In this second of the three part series, we will discuss a practical approach to determine value of information security initiatives.  Joining Matt & myself this week from Costa Rica is Enrique Herrera, who will discuss an actual Intel case study.


The show is 30 minutes, starting tomorrow (May 29) at 10:30 PDT.  To listen in, go to the OpenPort home page, and a little ways down on the left side you'll find the BlogTalk Radio link.  Take that link and follow the instructions.  You don't need an account to listen or participate in the discussion. If you can't make it live, you can also find the recorded sessions there too, after the show.


See you there!


Return On Security Investment - BlogTalk Radio

Thursday, May 29, 2008

10:30 AM PDT / 1:30 EDT

There's nothing like a little criticism to spark reflection and introspection. Well, usually after a hefty dose of denial and defensiveness first. But we're all about community self actualization here so I thought I'd take this opportunity to open up the dialogue and invite your feedbackpositive or constructiveon this site and our efforts in various new media forums across the web. Here goes.


Holding up the mirror

As a background, recently Open Port and our community managers received some criticism from the community-at-large that the site, and our technical experts, were too focused on marketing objectives. IT Blogger rodtrent on his blog complains that when he attempted to find vPro information on Open Port, he noticed in a discussion that the community was "inundated with responses from vendors about how their management product was the best." Additionally, in an Intel-sponsored forum on popular IT fansite Ars Technica a community member laments how he is tired of hearing the product name vPro in the forum.


So these criticisms are valid. We want you to know we hear you. And we wanted to ask more of you to join this conversation. What do you think? Are we "doing it right?" And by "it" I mean does Open Port enable tech enthusiasts and IT professionals like yourselves the opportunity to engage in technical discussions and connect with others who have similar interests in Intel technology?


The Nacho Analogy

In the spirit of engaged dialogue, I wanted to propose an analogy that might help frame the discussion. My colleague Bob Duffy came up with a brilliant one I thought I'd share with you. It has to do with nachos. He noticed that nearly every restaurant you visit includes nachos on their menu. And let's face it, some nachos are better than others, depending on the restaurant. So what makes a good nacho, you ask? Bob says it is the "cheese to chip ratio." The best nachos, Bob claims, have a well balanced ratio between cheese to chip. Too much cheese can drown the chip. And too much chip can be dry and difficult to swallow.


The same holds true, he argues, for commercial information in community conversations. Since this site is on, there is going to be some element of cheese (aka marketing). But the chip (aka non-commercial information) is the foundation of the information that is shared among the community and should be the crux of the community conversations. So what is a good community chip-to-cheese ratio? Is it 20% commercial information (or marketing) and 80% technical data?


You decide. And while you're at it, can someone please figure out how to make the real cheese as liquidy and gooey as the fake cheese product they put on nachos?

Everyone wants information security to be easy. Wouldn't it be nice if it were simple enough to fit snugly inside a fortune cookie? Well, although I don't try to promote such foolish nonsense, I do on occasion pass on readily digestible nuggets to reinforce security principles and get people thinking how security applies to their environment.




Common Sense.

I think the key to fortune cookie advice is ‘common sense' in the context of security. It must be simple, succinct, and make sense to everyone, while conveying important security aspects.




Here is my Fortune Cookie advice for May:

Two types of victims exist...
Those with something of value, and those who are easy targets.
Therefore: Don't be an easy target, and protect your valuables.




Now if I can just figure out how to stuff these little cookies...




So am I contributing to the problem of over simplifying security? Or am I reaching out to those who might not take an inordinate amount of time necessary to understand the complexities and nuances of our industry? You decide and feel free to share your knowledge-nuggets.

Are you considering social networking in your enterprise? Surprise! We are too. We started off the process with certain perceptions about what the application should do and shouldn't do. If you think that your employees (especially the younger ones) want social networking within the enterprise just to have "fun" - think again. If you think it is purely for improving collaboration and productivity - ponder more. How do we know? We did a focus group with employees who are recent college graduates. Here is what we learned.


  • Pulling in an existing external social networking application into the Intel environment is viewed very negatively. Even a "like" experience wasn’t well received. Gen Y'ers use social networking to connect with friends and to share outside-of-work experiences. They don’t want their personal life to become exposed in a work environment.

  • Fun in the work environment is more directly tied to “physical” spaces/experiences and not a social networking application. There was even an allergic reaction to the term “social” as applied to the networking application. Social = their life outside Intel. They said within a business environment it needs to be a professional network.

  • They expect to put a name to a face before they reach out to that person.

  • They want tools that will help them to find relevant & trusted information/people faster. An analogy they used to describe the tool is your school yearbook entry + phone book+ management hierarchy.

  • The application needs to be integrated with current destinations & other communication tools. Presence and a unified profile are very important to them. They want the ability to view another employee's profile in our internal Phonebook or email and within that application begin an instant message session with them. They explicitly stated that if we create another disparate application, they will not use it.

  • They want the power to personalize. They don’t want to be fed the information that an administrator thinks they want- they want to decide what it is they will receive. They prefer the "iGoogle" like personalization.

  • The application must be easy to use & not require a lot of time. Recently, a lot of them are getting turned off by some social networking applications because they are too busy- too much noise.
         Gen X and Baby Boomers – do you agree with the younger generation? Other IT shops, what are you seeing in your environments? I would like to hear from you. In my next post, I will share with you what some others in our work force said when I posted these results in our blog.


In this podcast,

The Register's

Tim Phillips speaks with my colleague, Shesha Krishnapura, Senior Principal Engineer from Intel IT Core Systems Engineering group about developers' adoption of multi-core technology. Shesha sees that, while multi-core processors have become mainstream, now is an especially critical time for multi-threaded software, given the uptake in the industry and the increasingly urgent need for the software that will help to realize the higher performance potential of multi-core platforms. 


Check out the podcast below.




Good security conversations benefit all involved. The more we share, discuss, and challenge each other, the more we advance our industry. Thankfully, I have the benefit of working closely with a brigade of information security professionals and we banter at every opportunity, for the sheer pleasure and insights. In that same spirit, we hosted our first Blog-Talk radio session. This was a general discussion of the problems of measuring security.







The 30 minute discussion can be replayed here

Two other internet chats are planned. Everyone is welcome to participate or just listen in. Details can be found here.

Come join us!


The success of a security program is measured by an event that doesn't happen, so how do you know if you were successful? Matt Rosenquist, Intel’s Information Security Strategist will do a three-part series on Blog Talk Radio discussing the difficulties of measuring a security program.


Segment 1: May 20th at 10:30 AM (Pacific): The Problem of Measuring Security Part 1 of 3

Segment 2: May 29th at 10:30 AM (Pacific): Return on Security Investment - Intel Cast Study Part 2 of 3

Segment 3: June 4th at 10:30 AM (Pacific): Future State of Security Measurement Part 3 of 3


Our Blog Talk Radio segments are interactive and we will be taking live calls from listeners (Call-in Number: (347) 326-9831) and live chat over the Web.


What are your questions for Matt around security metrics?

Wouldn't it be great if we could buy an application and not have to worry about whether it was designed to run on Windows XP, Windows Vista, MAC OS X or some flavor of linux?


How about when you buy a personal computer you don't have to make a decison on whether it should come with Windows XP, Windows Vista, MAC OS X (don't you wish that was a choice today) or some flavor of linux - or nothing and you figure it out later?



What if every computer you bought came with a smal, highly efficient operating system that basically only acted similar to a virtual machine hypervisor, managing the allocation of resources to virtual machines (or applications). And by the way it was built into the "platform" supplied by the chip vendor and OEM's only aggregated components and added value where it counts - tools to better manage the virtual enviornments, as a peer process not as a "host" operating system.



This is the world that I would like to see evolve over the next couple of years (okay maybe 5).



Applications are compiled with the operating system extensions (purchased from today or tomorrow's operating system vendors) and sold as one package that runs on top of the thin/efficient operating system mentioned above. This way we as the consumers can worry about selecting applications and functionality and get out of the business of worrying about which operating system to buy - or worrying about which operating sytem the application will run on. We just buy the application!!! What a concept!!!



A nice extension to this would be to allow the ability to still have a more traditional "container" of applications for secure, managed interaction between applications and for providing a policy managed environment. But the applications should still be the same apps I buy to run independently - So how about an install option - standalone or in a "container" or ???



Now that would be cool.



In the summer of 2002 I received a phone call from one of Intel’s senior information security experts, Brian Willis. Brian had just returned from an event in Washington D.C. that he was very excited about. Gartner and the U.S. Naval War College had hosted a three-day seminar-style war game called “Digital Pearl Harbor.” The purpose of the war game was to involve industry for the first time in investigating the possibilities for catastrophic attack of and through the U.S. internet system. They had invited a number of private corporations to participate in this new methodology, and Brian attended as Intel’s representative.


At the time I was working on some risk modeling techniques, so Brian figured I’d be interested in what he had learned. He called and started with, “We have to do this!” He described the event and the possibilities he saw for Intel. The event was very successful and provided much valuable information to the sponsors as defenders, but Brian saw a different aspect. As an “attacker” in the game, he saw how easily and dynamically the attackers in cyberspace were able to build their own systems, business as well as technological, and emphasize their own priorities. The visibility that the game gave into this process came as a bit of a surprise to him and other participants, and Brian recognized how valuable this perspective was to understanding risks facing any defender.


So we decided to stage something similar at Intel, but focusing on the attacker viewpoint rather than the defenders. Although this is somewhat different than a classical war game, we kept the basic process (and the name “war game”) to keep it different from other risk assessment methods. It wasn’t easy to come up with our own game. At the time, there was very little about war gaming that wasn’t based on military objectives, and it was almost all from the defender’s point of view. I even called the U.S. Naval War College; they were very interested and supportive but had little they could share. But through the collective effort of many people, by the summer of 2003 we had put together our own Intel Digital Wargame. The game event itself lasted for two days, and involved nearly every Intel business unit organized in six cells spread across three U.S. cities. It was wildly successful, beyond our expectations, and all the participants said it was exhausting but also both the most instructive and the most fun event they had attended in a long time.


Since then, we have conducted a number of smaller games and continue to have good success with the process. Along the way we have refined it, although we consider it still very much a work in progress. The paper published here is a detailed description of our current process. If war gaming sounds interesting to you, or you are already doing something similar, I hope this will be of use to you. In any case, I would like to hear of your thoughts or experiences or best practices in this area, as we are always looking to learn and improve.


Wargames: Serious Play that Tests Enterprise Security Assumptions

Filter Blog

By date: By tag: