The Daily Incite - 11/20/08 - Sleep is good food

Submitted by Mike Rothman on Thu, 2008-11-20 10:29.
Today's Daily Incite

November 20, 2008 - Volume 3, #91

Good Morning:
I don’t get a lot of sleep. I burn the candle at both ends and that usually means the amount of time I’m checking out the back of my eyelids suffers. Like everything else, you adapt to the current situation. So I started to believe that getting 5 or 6 hours of sleep a night was enough. I figured I was one of those guys that could not only survive, but thrive on a limited amount of sleep.

I wouldn't want to be this guy's alarm...

I was wrong. You don’t realize how sleep-deprived you are until you get a decent night of sleep.

On Tuesday night, I slept in the tin can hotel. That’s my nickname for the red-eye back from the West Coast. I slept OK and got about 3 ½ hours of sleep on the four-hour flight home. Can’t really ask for more than that.

I just powered through the day, recording a webcast, doing some writing and the like. Then at 6 PM, it was on to kid duty. So I picked up the twins at school and took the three of them out to dinner. That was fine, though I did start to drag a bit towards the end.

Back home, get everyone ready for bed and by 8:15 I was about to collapse. Normally, I’d just power through it, pop open the laptop and get back to work. But last night, I figured I would jump into bed. So that’s what I did.

After 8 ½ hours of sleep, I feel like a new man. Seriously. I didn’t exactly jump out of bed, but I was not my usual grumpy self. No barking at the kids to get them ready for school. No angst when they start acting silly (they are kids after all). It really made a huge difference.

I also discovered that the kids tend to be less grumpy this morning. Maybe it’s because I was in a better mood. I’ll admit I’m not that smart, but I do recognize patterns. And this is one I can’t ignore. I’ve got to figure out a way to get a decent night’s sleep at least a couple of times a week.

It’s a bit early for New Year’s Resolutions, but that’s definitely going to be on the list. I think it’ll be good for everyone.

So shut down the laptop. Turn off the game and stop whatever you are doing at a reasonable time tomorrow. Get some sleep. It’ll help you enjoy the weekend and everything else. Have a good one.


Photo: "Sleeping cougar" originally uploaded by tambako


Incite 4U

Back to the grind of working through the list of stored links and finding stuff that's interesting. No real theme today besides some folks poking holes in the common myths that govern much of our life. Like you can build a consumer AV company or that NAC is a stand-alone business. How about whether a SaaS provider is better or worse at security than you. This and much more is revealed in today's Incite. Read on and enjoy!

  1. Let's all have a moment of silence for Microsoft's OneCare. Basically Redmond has decided to play the "if you can't beat them, give it away" game with consumer AV. I saw this first on the ZD Zero Day blog, though it's been big news the past few days. I guess it's a shelf space thing. They'd probably rather use their precious retail shelf space on higher margin stuff, especially given much of the retail electronics channel is either consolidating or going away. I'm sure it was a hard decision and a bit counter-intuitive for MSFT, given they usually throw money after losing markets for years. How will this impact the existing AV players? Not much. Inertia is so powerful in the consumer market and unless the incumbent screws it up, consumers tend to renew. Not even Microsoft's brand could help that.
  2. Kudos to the PCI standards council for actually listening and rolling out their quality process for assessors (pdf). That's right, this is QA for QSAs. But it's sorely needed. The variability is shocking. Some assessors are so inflexible, it's like they have a broom in their backside. Others are like jello, molding to whatever the customer wants. By implementing standards (or at least trying), this allows the clearing banks and card brands to point the finger at rogue QSAs. Sort of like risk mitigation for a standard that's supposed to provide risk mitigation. The credit card business is figuring it out. Why take any risk, if you can blame someone else?
  3. What's in conventional wisdom? Not a hell of a lot. NetworkWorld looks to get a bunch of opinions about topics like security in obscurity, open source security and the like. Some of the opinions are interesting, but I'll get back to something I harp on frequently. If you adopt "standards" and do what everyone else is doing, you are working at the lowest common denominator and the bad guys have your playbook. In today's world, that's not good enough. Conventional wisdom will get you killed.
  4. Earlier this month, Adrian at Securosis did a detailed analysis of database monitoring data collection options. I'm a big fan of all things monitoring and at some point folks will realize the database is pretty important, and therefore it's pretty important to monitor the database. Adrian and Rich have published a lot of stuff about it and even if you aren't ready to attack this issue yet (you have other blocking and tackling to take care of), read the posts and start to familiarize yourself with the vernacular. If you aren't doing it now, you'll be playing catch up later.
  5. Yes, I like monitoring on the network as well. That tends to look like network behavioral analysis (the products formerly known as NBAD). NetworkWorld does a fairly detailed primer on the technology and helps customers to understand how it works and where it fits. It's NetworkWorld, so it's not perfect, but it's a start. Remember, monitoring helps you REACT FASTER and the network never lies. You may not need (or be able to afford) a dedicated NBA offering, but figuring out how to monitor your network is critical to being a successful security professional. And yes, my overlords offer NBA as a part of the product.
  6. Will biometrics ever get there? I've been in this business for a long time and every couple of years the idea that biometrics is the solution to something pokes its head out of the muck. Is now the time? Given we have constant cost containment objectives in a tight economy, using stronger authentication and attaching that to an SSO could make some sense. But I'm still skeptical. Yes, SSO makes sense since it does streamline the user experience. But strong authentication on top of that? Not so much. So I'm still in the camp that biometrics are still a technology looking for a problem to solve.
  7. Standalone NAC or DLP? Not so much. NetworkWorld covers a Nick Selby presentation that lays out the reality that these functions are features - not companies. We've already seen a number of deals (and companies going out) and we'll likely see more. But not that much more. Most of the big folks that need technology in this space have it. That means there are a lot of independents, whose options are to continue to slug it out, perhaps execute magnificently and eventually go public like Sourcefire. Not sure I'd wish that on anyone I know, since running a public company is at least Ring 4 in hell. Or maybe they accept the reality of the market and find a partner (like Reconnex), regardless of price. Fact is, Selby's right about one thing. It's a buyer's market out there and most of the buyers are looking for big time bargains.
  8. How secure are PaaS (platform as a service) options? Stuart King challenges the smart folks that say they aren't ready for prime time with a pretty simple question. Do you think a service provider has better security than you do? Hmmm. That's interesting and also true. Most enterprises are woefully unable to secure their own stuff. I can tell you platform providers spend a lot of time and money on security. Not enough, but there isn't enough time or money to do enough. I do think that on balance, most service providers will be more secure than the average enterprise. But they better be because it's the difference between trying to rob a bank and mugging people on the street. The bank's security is going to be better because they've got more to protect (and more to lose). To net it out, PaaS is an interesting option and will become more interesting as time goes on, but we do have to start asking the right questions relative to security.
  9. When did NetworkWorld become TeenBeat magazine? As a little end of week humor, check out this slide show about IT's "Hottest Rock Stars." You know, the folks that can fill a room and make young girls and maladjusted programmers swoon. Times have to be tough in the media business if they are resorting to this kind of crap to generate page views.