The Daily Incite - 12/22/09 - Are we there Yeti?

Submitted by Mike Rothman on Tue, 2009-12-22 10:21.
Today's Daily Incite

December 22, 2009 - Volume 4, #41

Good Morning:

Another of my holiday rituals is the annual pilgrimage up North to spend the winter break with my in-laws. This involves first packing up the family truckster, which includes the optional roof rack just to ensure we can fill the car to the gills with crap we don't need for a 10 day journey. But I gave up trying to get the Boss to pack the stuff we actually "need," so I just dutifully load up the car and get ready to go.

Hope your chimney is really big....The drive takes between 10-11 hours depending on traffic. Most of my friends send their condolences a day or two ahead of the trip, knowing what it would be like to spend 11 hours in a car with their kids. But I have to give thanks to Moore's Law, which has enabled us modern conveniences like the portable DVD player and the car stereo with the AUX jack, so my kids can watch movies for 10 hours, while I drive.

Truth be told, the trip is a lot harder on the Boss than it is on me. She's actually got to deal with them for 10 hours. Between the elbowing (it's amazing how even in a 7 person van, the kids have to poke and prod each other for a majority of the trip), the constant hunger pangs, the "are we there yet?" questions and the arguments about who gets to pick the next movie, I'm just glad to be the designated driver.

After 6 years of making this drive, everyone knows my process already. I get pretty grumpy when packing the car, since I know we don't need half the stuff we are taking. I get even grumpier when we are trying to get out of the house, since it takes an hour to do the last 5% of stuff to finally get on the road. And about 2 hours in, I get into the zone. I've got my iPod cranking music, the kids have settled in, and I just drive.

This year the Boss got a lot smarter about movie selection. Part of her agony was having to watch the kids movies/shows for 10 hours. I mean, who wouldn't be homicidal after listening to 4 hours of the Wiggles, and have another 6 hours to go? But this year, she hit the bargain basement DVD bin and came back with gems like Groundhog Day and Back to the Future. Amazingly enough, the kids enjoyed those classics and my wife was reasonably sane.

But this trip was a bit different in that we were trying to beat a pretty severe winter storm. The original plan was to leave around noon, but we called an audible at the line and decided to take off around 9 AM, and a good thing we did. We were literally on the front end of the storm that dumped almost 2 feet of snow on the Mid-Atlantic region. There were times we got ahead of the storm and were able to motor, but during the next potty or gas stop, the weather seemed to catch up and drop snow on us. If we hadn't left early, we may still be on the road.

On the last gas stop as the snow was really starting to fall, I could have sworn I saw the Yeti saunter in and buy a case of Bud. He was about 8 feet tall, had white hair all over, and was wearing a Lynyrd Skynyrd shirt. Who knew that the abominable snowman loved Southern Rock? I asked if he needed a lift further North, but he politely said a couple of feet of snow and a case of Bud was all he needed. Now that is a guy that understands his definition of happiness.

Have a great day.


Photo: "Happy Fun Yeti!" originally uploaded by spitecho
Technorati: , ,,

The Pragmatic CSO

The Pragmatic CSO:
Available Now!

Read the Intro and Get
"5 Tips to be a Better CSO"

www.pragmaticcso.com

Follow me on Twitter:

@securityincite


Twitter

I'm not sure where I'm going, but I'll get there in 140 characters - or less...

Incite 4 U


  1. All hail Czar Howard - Just as many of the pundits didn't think there would a US Cyber Czar appointed, it looks like Howard Schmidt will be under the White House Xmas tree this year. And all I can do is shake my head a bit and wish him good luck. Howard knows the folks that need to be known both in industry and within the Beltway, but part of me just figures this is moving more deck chairs around the Titanic. Will he be empowered? What is his metric of success? Maybe the public announcement will clarify these things, but most likely not. I suspect the best gift you can get Howard is a Redskins helmet. He'll need it as he bangs his head against the wall in DC for the next couple of years.
  2. Playing both sides of the cyber-ball - Given that a new Cyber-Czar has been named, it's interesting to check out John Pescatore's post here about playing cyber-offense and defense, and his point that the guys that play offense (hackers, et al) are not the right guys to be protecting the flanks. He speaks the truth because any senior security position is more political than technical now. It's about persuasion and operations, not about IPS Kung Fu. To be clear, John makes the point that the flow of information from the offensive minded is important (to know what you are defending against), but the skill sets are different. Yes, pragmatic fellow that Pescatore.
  3. FIRE burning on the dance floor - It's always interesting to see how other constituencies view security companies. This piece on Seeking Alpha about an investor's analysis of SourceFire is interesting. The guy makes interesting points about the seasonality of the business, and also has valuation concerns (what's the issue with a 60x earnings multiple?). But ultimately the stock right now is a mo-mo play. High valuation, but good growth and the Street pays a premium for that. But it also means that what the Street giveth, it will taketh away - at the first indication of slowing growth.
  4. Who's that router talking to? - A lot of us have spent years in the trenches and take a lot of good security practice for granted, which is always a dangerous thing. This piece by Joel Snyder on SearchSecurity is a good reminder that we need to be well aware of who and what our edge devices are doing. Joel's point here is to make sure outside access on promiscuous protocols like SNMP is turned off, which is good advice. It gets back to my opinion of Network Security 101. Lock down the traffic that is allowed to enter (yes, default deny), make sure you understand the traffic flows on your networks and look for what is different. Given we are dealing with an infinite attack surface, looking for anomalies is one of the only ways to keep pace.
  5. Amen to Risk Adjectives - Great post and point by Gunnar about the need to lose the generic "risk" term from our vernacular. Without some means to describe what risk we are talking about (the aforementioned adjective), the term is meaningless. And that's always been my big problem with anything risk-centric. The term can mean something different to everyone, and therefore it means nothing. So if you hear the "R" word come out of your mouth, make sure it's qualified so there is no uncertainty about what kind of risk you are talking about.
  6. Cisco's non-existent Security Strategy - Kudos to Jon Oltsik for beating me to the punch in questioning what Cisco is doing in security nowadays. My sentiments exactly. Since Jayshree Ullal left, it seems there is no one driving Cisco's security strategy. The STBU is really IronPort with new business cards. I mean, how old is the frackin Self-Defending Network? Cisco is making announcements around the fringe and not really evolving their strategy to deal with the evolution of the attack surface. As Oltsik points out, Cisco is still moving a lot of equipment, but that's because they are Cisco - not because the products are reflecting the market reality. You don't think of Cisco as a follower, but in security that's exactly what they've become.
  7. Facing your own demons - Many of us know Bill Brenner of CSO. You've probably spoken to him or at a minimum read his stuff at TechTarget or his current gig. But you didn't really "know" Bill. I certainly didn't. But through his new personal blog, The OCD Diaries, I am getting to know Bill a lot better. I knew he was funny and a bit quirky (who in security isn't?), but in reading about his battles to address his mental health issues and deal with loss, you gain a real appreciation for the man and for his courageous journey. Not many have the stones to bare their soul in a public forum, but those that do can teach all of us a lot. Keep up the good work Bill, both on the blog and on yourself.


Submitted by Bill Brenner (not verified) on Wed, 2009-12-23 08:13.
Thanks, Mike. :-)

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.