February 2, 2007 - Volume 2, #21

Good Morning:
It's Friday, and I once again find myself with too much to do for any 24 hour period. Compound that with all of the preparations required for my annual Super Bowl bash and it will be a busy weekend. But it's been a good week. Lots of comments on the newsletter telling me I'm wrong. That usually means I'm right, especially about market and industry evolution.

And I even got a call from a lawyer (general counsel for a vendor) complaining about something I wrote. Let's just say it was a short conversation because what I publish in the Daily Incite is MY OPINION. It may hurt folk's feelings and it may cause consternation, but it's not against the law. In the US, I am constitutionally permitted to write whatever I want, as long as it's not libelous or slanderous. So I do. One other point of note. Having a general counsel call me is the wrong approach. It starts the conversation on the wrong note. I get my guard up and usually go immediately on the offensive (ask the GC I spoke to yesterday). If you have a problem with what I write, call me yourself and we can talk about it. But get lawyers involved and the only thing that can result is ill-feelings.

Not a lot of security news because everyone is still in a huff about the Lite-Brite incident in Boston. It is pretty asinine because if those marketing billboards were bombs, why would they be in plain view? The objective of a bomb is to NOT be detected until it blows something up. Just another example of the idiocy of some folks. 

I do want to point to a blog post on McAfee's blog which goes after Symantec (here [0]). It's actually really funny and quite delusional. Just goes to show how finely tuned some folks rationalization engines are. Just because you buy something bigger and more expensive doesn't mean it's the wrong thing to do. You won't know if you paid the right price for a company until years after the deal closes. So McAfee continues to act like that annoying little brother that wants to hang out with the big kids, but just doesn't have the stones to do something to get you to take them seriously.

For those of you that missed it yesterday, both parts of the Pragmatic CSO podcast interview with Alan and Mitchell are now up. Part 1 is here [1]. Part 2 is here [2]. To be clear, this is a LOT of free stuff. I go much deeper than the introduction, as well as tip my hand a bit about what's next for the Pragmatic CSO. Short of buying the book (which you should do anyway), this is the most comprehensive description of the program yet.

Have a great weekend.

Technorati: Information Security [3], CSO [4]

[5]	The Pragmatic CSO is Here! Read the Intro and Get "5 Tips to be a Better CSO" www.pragmaticcso.com [6]

Top Security News

http://blogs.zdnet.com/security/?p=9&tag=nl.e622 [7]
Link to this [7]

http://biz.yahoo.com/prnews/070201/sfth029.html?.v=83 [8]
Link to this [8]

http://www.darkreading.com/document.asp?doc_id=116041 [9]
Link to this [9]

http://www.informationweek.com/showArticle.jhtml?articleID=197002479 [10]
Link to this [10]

Top Blog Postings

http://siblog.mcafee.com/?p=65
[11]Link to this [11]

http://blogs.ittoolbox.com/security/investigator/archives/the-turkey-shoot-14221
[12]Link to this [12]

http://jeremiahgrossman.blogspot.com/2007/01/difference-between-security-assessments.html
[13]Link to this [13]

http://www.computerworld.com/blogs/node/4503
[14]Link to this [14]

http://securityincite.com/security-incite-rants/daily-incite [14]