• United States



Mac OSX for the CSO

Mar 26, 20072 mins
Data and Information Security

I am often asked how I can effectively perform my duties as Chief Information Security Officer using a Mac. 

Probably even more frequently I am asked how I can do all that a CISO should with a staff as small as mine. Wondering how many staff I have? Consider this, my entire staff is writing this. That’s right I have a staff of 1. Well really less than that on Fridays, every morning before 10AM, Mondays, the days immediately preceding holidays, Wednesday afternoons, everyday from 3:58PM to 5PM, …you get the idea. 

The point is that I am drastically short staffed and I need to be as efficient as I can with my time. I can’t lug around a Linux laptop and a Windows laptop everywhere I go. Likewise, I can’t stop using any of the Linux tools or stop using Word or Excel. Oh sure I could flip to Linux and use OpenOffice, but lets be frank. About the only good thing about OpenOffice is its price. The other side of that argument is that I could use only Windows. Honestly, who wants to do that? Unless you have a bottomless budget and are willing to accept substandard security tools, you would have to be a few DLLs short of a full load to use Windows in the security profession. 

I suppose the common perception is that the Mac is akin to a child’s toy and serves no useful purpose in the workplace. The reality is that most of the tools that I need to use daily have been ported to OS X. 

Tools like Nessus, Snort and Nagios all run on the Mac without problem. This gleaming silver lap warmer that I am typing on now is the best of all worlds. Suddenly with my Mac, my staff of 1 magically grows. I am able to efficiently spend my time not on a cadre of keyboards, but on one silver-keyed and backlit keyboard of the Gods. I sometimes daydream that Steve Jobs is my assistant, but that’s usually on Fridays, every morning before 10AM, Mondays…

Chad McDonald, CISSP, CISA, C|EH, PMP is a Senior Professional Services Consultant with Imperva. Chad has worked previously at National Student Clearinghouse, Centers for Disease Control and Prevention, Georgia Department of Audits and Accounts and is the former Chief Information Security Officer at Georgia College & State University. Chad has addressed numerous groups on topics such as business continuity planning, incident response, and information security awareness. Chad has spent the bulk of his career building, managing, and assessing information security for educational and research organizations. Chad has earned multiple professional security certifications. He is a member of the Information Systems Audit and Control Association as well as InfraGard, an FBI Task Force charged with protecting the nation's information infrastructure. Chad is active in the security community He worked with law enforcement agencies to assist in the prosecution of the first computer crime on record in Georgia and continues to assist local and state authorities with computer based investigations. Chad has investigated computer and computer-related crimes for local and state law enforcement agencies. Chad is an avid Mac user, since he was rescued from the dark side eight years ago. He currently conducts the vast majority of his work using a MacBook Pro and a MacBook. Chad looks forward to the day that he can stop referring to himself in the third person and actually pay someone to write his bio for him. The opinions and statements expressed here are those of Chad McDonald and in no way reflect opinions or statements of any employer or organization with which Chad is affiliated.