What do you like most about your job? The constant challenge and learning keeps me going. Every day I need to investigate a new threat, new product or evaluate a new process. I love that I'm never looking at the same thing, and that my challenges always change.

Monitoring an illicit Internet Relay Chat (IRC) channel recently, Nicholas Albright couldnt believe what he was seeing. First, he observed a network operator sending commands to install keyloggers on thousands of compromised, remote-controlled computers. Then, all this private data started flying over the channel — HIPAA-protected medical information, financial account numbers, usernames and passwords.

Breach in Texas The University of Texas suffered its second major data breach in three years when more than 197,000 personal records were exposed at the McCombs School of Business. The breach compromised the Social Security numbers and other biographical information of alumni, faculty, staff and students of the business school. Not much is known about the source of the breach, though UT officials said they are working on an investigation. In the meantime, the university set up a website and toll-free numbers to direct those potentially affected to protect their identities.

This month's topic: Companies should use unofficial patches to fix vulnerabilities

Back in the old days, at least by malicious hacking standards, the simplest way to hijack a PC was to compromise the vulnerable entryways of the operating system.

As if dealing with skyrocketing numbers of new vulnerabilities each day is not enough, the IT security world must now brace for a new challenge: an emerging underground vulnerability market that could result in more zero-day attacks.

The uproar over foreign control over American interests was blamed for the break-up of one nearly successful IT security merger. Check Point Software Technologies Ltd., which is based in Israel, and Maryland-based Sourcefire broke off a $225 million merger that came under intense scrutiny by the Committee on Foreign Investment in the United States (CFIUS). "Basically we agreed to withdraw applications based on a couple of things," said Michelle Perry, chief marketing officer for Sourcefire. "First the complexities of the overall CFIUS process, the lengthy ongoing delays and the current climate for international acquisitions.

When it comes to third-party vulnerability patches, most security experts still believe patience truly is a virtue.

Do you run SP2 on your XP machine? If not, you really should. And, if you run a network, you really need to test it with your applications as soon as possible. Back in April, only 24 percent of 136,000 machines in corporate America had been upgraded to SP2.