Quick Incites - May 31, 2007

Good morning,  ARGHHHHH!
I'm sorry, if you receive TDI via email, yesterday was a kind of a cluster-F. My email service was down pretty much all day, and when they finally come back up - I get the exclamation point wrong and address you all as the very personal {first_name!}. Is it a big deal? Of course not, but it's annoying. So I'll once again apologize for amateur night here at Security Incite.

When you are dealing with a short week, Thursday really does sneak up on you. And this week has been short, but it's all good. Kicking back a bit and slowing the heart rate are pretty important to do from time to time. My normal level of frenetic activity will resume next week, with the P-CSO bootcamp and all and then a few launches (yes, the long awaited P-CSO community will finally launch in June) coming soon after. Then I jump headlong into a new project that I am very amped about. No I'm not giving details, but I plan to deliver some of my unique "incite" to a much wider audience.

Big spammer taken down, 50 others waiting in the wings - So it seems that Microsoft funded legal hit men have finally taken down one of the many spam kings. Here is AP's coverage. But as Mike Masnick mentions in TechDirt, does it even matter? The sad truth is nope. It's like taking out the heads of the terrorist organizations. There is chaos for about a day and then a new head grows back and business as usual continues. And since Soloway was a big zombie master, those owned computers get maybe a short respite.

Competitive intel is not dead - I know from my days on the vendor side that if you don't know EVERYTHING about your competitors box, then you will lose a LOT of deals. Finding and pulling apart the products of the competition may be a dark art, but if you want to win - you better get good at it. Chris Harrington shows some angst here about a vendor that doesn't do it right, and they look like schmucks. This is all the more important when you are going through the channel. It's hard enough to keep your own folks abreast of what the appropriate kill points are, but add in the channel and it better be right because the channel can just go to that competition if you aren't helping them win. Competitive intel helps them win.

Web 2.0 security, bah humbug! - I know it's a bit early to be breaking out my Scrooge costume, but you see this survey from Clearswift (oh how I love those surveys), covered in Dr. Dobbs (actually via Dark Reading, have you noticed that CMP republishes a crap load of their content between sites?) and you just think most IT folks walk around with their heads up their asses. I guess I've known for a long time that they do, but it's hard to see it in print. 34% don't monitor web usage, 45% have no policy on blogging, etc. etc. etc. All that adds up to me that most folks don't know the risks of inter-enterprise collaboration and they'll get burned. Just as they've been burned before.

The unbearable lightness of securing - Before I get too down in the dumps and start wallowing in my own malaise, let me mention the single best post I've read in a long time. Amrit shows his Zen colors and brings everything back into perspective in his unbearable lightness of securing post. I guess now I know why he calls himself the Tech Buddha. I thought that was just about his waist line, but evidently not. The point is that there is lots of stuff that is out of our control, and we can choose to worry about it. We can look at our job as one of futility or we can focus on the short term victories, on the daily evidence that what we do does help, on the fact that if we stopped one person from doing something stupid that our efforts mattered. There is no question that it's tough out there to be a CISO nowadays. But that doesn't mean it's not worthwhile. Anything worth doing is worth fighting for and that requires perseverance.

Now stop wallowing and get out there and do something. That's my plan. Go. See you on Monday, returning to the regular TDI format.