The Daily Incite - 12/07/09 - Happy, Sad, Repeat

Submitted by Mike Rothman on Mon, 2009-12-07 11:44.

December 7, 2009 - Volume 4, #36

Good Morning:
Life is a roller coaster. Pure and simple. During a particularly difficult time about 15 years ago, my Dad sent me Seinfeld's book, with this specific passage highlighted:

"Life is truly a ride. We're all strapped in and no one can stop it. When the doctor slaps your behind, he's ripping your ticket and away you go. As you make each passage from youth to adulthood to maturity, sometimes you put your arms up and scream, sometimes you just hang on to that bar in front of you. But the ride is the thing. I think the most you can hope for at the end of life is that your hair's messed, you're out of breath, and you didn't throw up."

It's hard to keep that in context during the day-to-day grind. One minute you are up, and in what seems like the next second you are down. It's also a bit more challenging for security folks, because in general we tend to be somewhat cynical (OK, very cynical) and borderline paranoid. It's taken me a long time to get in tune with my own peaks and troughs, and some days that presents a pretty significant battle.

Happy? Sad? Yes, just wait a few minutes. Take yesterday, for example. I was excited to go see the hometown Falcons play the Eagles. Yeah, I hate the Eagles. Growing up in NY and being a Giants fan means you pretty much hate the Eagles. I know hate is a strong word, but actually it may not be strong enough. I hate^2 the Eagles, so I was hoping the dirty birds would put a hurting on the visitors.

Of course, my optimism lasted about 10 minutes and the reality of the impact of having 40% of the offense inactive set in. It was ugly, and totally compounded by the number of Eagles fans there to gloat. OK, they didn't gloat, they were pretty cool (especially for Eagles fans), but still. It hurt, and I was grumpy.

So I get back to Chez Incite and settle in to watch the Giants play the hated^2 Cowboys. Things started slowly for the G-men, and my mood was descending into dark places. The Boss was going to vacate the premises, but then at the end of the first half the Giants got going and held on for the victory. Elation personified. I'm not sure why football gets me so fired up, but it does. And given how the Giants have played over the past two months, getting a big win was awesome.

But then I need to take a step back. There were pretty low lows and pretty high highs all in the course of about 6 hours. And this was about football, not anything really important. I think part of finding balance and happiness is to acknowledge that there are some things that you CHOOSE to get excited about. That means you also need to accept that those very things will make you miserable at times.

Then the misery will pass. Just as the happiness will pass. This is the cycle we call life. Some can't deal with it and think there is something wrong with them because they get whiplash swinging back and forth between pessimism and optimism. There is nothing wrong with that. There is nothing wrong with them. It's called being human.

Have a great day.

Photo: "Ms. Happy, meet Mr. Sad 111/365" originally uploaded by SashaW


Incite 4 U

  1. Liberation and Thought Leadership - RockyD rocks the house on FUDSEC last week with a post about getting out of the rut many of us are in. There is a lot of good stuff in here (especially about focusing on R&D and better information sharing) and, like most of the FUDSEC posts, it's about spurring discussion. Mort takes issue with some of the stuff on the Securosis blog, and I agree with his positions, so I'm not going to rehash. What I'm going to pick on is the part where Rocky advocates a "vendor thought leadership" approach to the more strategic problem set. Sorry dude, it's not going to happen. Unless you count having every vendor (or consultant) apply what's in their bag and position it as a "strategic" solution. The profit motive ensures that the job of the vendor (and in many cases, the consultant) is to convince the customer that the strategic problem set is addressed by the products. I know you are advocating the exact opposite approach, but I can't see it happening, because a quarterly mindset ensures shortcuts are taken at every opportunity.
  2. Noise level at an all-time high - The results of the annual CSI survey are out. The Help-Net Security folks did a nice job summarizing the findings. Basically we are dealing with a lot more incidents, but the average loss per incident is coming down. Hmmm. That wouldn't have to do with the fact that losses are not growing as fast as the number of incidents, eh? But the point is this is all noise. These surveys are interesting to look at in five year cycles to see where we've been, but not very instructive to understand where we are going. Fact is, we need to focus on blocking and tackling - STILL. And given that cyber-crime is a growth market, I don't expect these surveys to show anything remarkably different for years to come. The point is for you to not end up as one of the statistics.
  3. More noise about data breaches - The folks at Imperva were also kind enough to point out the fact that even though the number of reported data breaches is going down, the number of records compromised has increased exponentially. Which again is predictable. With some exceptions, the amount of work to steal a million identities is similar to stealing 50 million. So why wouldn't the bad guys go after bigger targets? And they have - successfully. Good for them. The point is the noise can be used for FUD purposes (yes, there is a time and place for fear, uncertainty, and doubt in every security practitioner's bag), but it shouldn't be impacting our plans, strategies or processes AT ALL. Incidents and breaches happen, we know that. Blocking and tackling will help make sure you aren't low-hanging fruit - but you will still likely be pwned. Then it's about making sure your incident response plan is where it needs to be.
  4. Santa in camo comes early for ARST - ArcSight announced their fiscal 2Q results last week, and the numbers were good. Here is the release and the earnings call transcript. 39% year-over-year growth and another quarter of strong cash flow. Lots of activity in the federal space, which is expected - given the focus on cyber-X that most of the defense and civilian agencies have. In fact, government revenues accounted for 49% of their quarter. As the federal markets figure out which end is up for FY 2010, it'll be interesting to see if/how the commercial markets continue to adopt security management technology. Given compliance mandates, everyone needs it - but there are cheap ways to check the box and there are expensive ways to overhaul operations. Which path commercial organizations take is still an open question (in my mind anyway).
  5. Rebranding SIEM - Speaking of SIEM, Independent Anton (did you check out his new consulting site?) has an interesting analysis of the SIEM market, bringing in some Ries marketing mojo and really trying to tackle the issue of perception vs. reality. Given that I know a thing or two about how to (or more likely, how NOT to) market a SIEM platform, the reality is that SIEM is not a must-have. I know about 10 vendors that will be jumping up and down telling me I'm wrong. But they are missing the point. Compliance is a must-have, and that means some of the aspects of most modern SIEMs (like log management) must be highlighted, because that's where the funding is. Once the funding is found, then it's about highlighting differences - such as with capabilities like SIEM or NBA or configuration audit. Anton is right that the focus must be on solving problems, not on flashing lights or even scalability. Until a customer is convinced a SIEM can solve a problem, how fast it is (or how many other capabilities it has) is really beside the point.
  6. Andreas' love note to 2009 - The analyst I now dub "Double A" for Andreas Antonopoulos does a little revisiting of his 2009 predictions in one of his last NetworkWorld columns for 2009. As you can see, there wasn't anything too controversial here, and for the most part he was right. It turns out that if you keep your head off the chopping block, it usually is still attached at the end of the year. I'd take some issue with his "correct" prediction about mobile security, given the iPhone worm was only applicable to those with jailbroken phones, but it's good to see someone holding themselves accountable for the things they said. Perhaps Big Research will get into the act as well (0% probability).
  7. Cloud-based security services unite - I loved the Wonder Twins cartoon when I was growing up. And when I saw this announcement about RSA leveraging some of Trend Micro's threat intelligence in their own fraud detection services, the Wonder Twins popped into my head. The reality is this kind of information sharing is a good thing. Will it make a difference? Who knows, but it makes for good marketing since when trying to differentiate "cloud intelligence" it's all about how much data you have. What you use, on the other hand, is very likely a different story. Obviously Art (playing the role of Zan) transforms into a cloud. But what about Eva (playing Jayna)? What animal form makes the most sense for her? Leave your thoughts in the comments...
  8. Pretty good rules to live by - It's great to see other folks sharing their own life philosophies, and I'll point the interesting ones out as appropriate. I want to give Michael Dahn some props on a set of three "rules" that he lives by, which I think are applicable to most of us. The first is "nothing is impossible, the impossible just takes longer." Perseverance is a key to success, check. "Learn the good, avoid the bad" seems obvious, but is VERY hard to actually do. I've found that most folks have to learn the hard way what is good and what is bad. It's a rare bird that can actually learn from someone else's pain. And finally "never stop improving," which is actually a double-edged sword. One of my problems is that I am never satisfied, and that creates some real issues in knowing how good you need to be in any aspect of anything.

Submitted by Mike (not verified) on Mon, 2009-12-14 01:57.
Thank you for the link and kind words. I appreciate all feedback but especially that which supports positive thought.
