June 12, 2007 - Volume 2, #91
Good Morning:
I want to send out a big Happy Birthday to my Dad. You are an inspiration to everyone who knows you.
Another birthday for the big guy does bring up the topic of aging. I recently reconnected with an old META Group colleague and his first thought was how gray my hair must be after 10 years or so. And he's right! I passed the tipping point between salt and pepper (now heavily weighted towards the salt end - blood pressure be damned) a few years ago. But it's all good, I have a lot of friends who don't have too much hair left. I'll take gray hair every day of the week.
My point is that every day is a gift. The fact that I still have my hair is a gift. Every birthday is a gift. It means we've survived the battle for another year, and we should rejoice. Unfortunately our lives are so complicated now that we don't take the time to do that. With all the activities, pressures, and frenetic motion, this time last year I was pretty much just happy to make it through the day.
Now I know that's not good enough. I've made a distinct and conscious decision to have more fun. It's been a long process, and there certainly are days when poking myself in the eye seems like a less painful option - but overall worrying about things wasn't doing much but making me grumpy and taking the fun out of stuff that should have been a blast. I work every day at worrying less.
I'm not working with clients anymore that aren't fun. Life is too short and the money isn't that important to me. Even personally, the Boss and I are trying to spend time with positive folks that are fun to hang with. Those downers make you want to drink hemlock. It's just not worth it. They can go grumble and be pissed amongst themselves. I don't need any part of it.
I guess it's self-improvement week here at the Incite. We all have choices. We choose what we do every day, and we choose who we spend time with. As Steve Jobs said in his Stanford speech (which I linked to yesterday), if you look in the mirror in the morning and you'd rather be doing something else for too many days, something has to change. You can make that change.
Kind of like Richard Bejtlich, who decided to take a job with GE [1]. We'll certainly miss his commentary and thought leadership, but I'm sure his family will appreciate having him around and he won't have to worry about the crap that makes being a one-man band challenging. Hats off to Richard for walking away on his terms to do something that he knows he'll love.
A friend back from Virginia puts "Carpe Diem. Make it a great day." at the end of every email he sends. At first I thought it was annoying and stupid. I figured he must have gotten lost in the self-help aisle at Borders and never escaped. But I've come to appreciate his sentiment. He's a guy that does seize every day with that unbridled optimism that makes some folks cringe. But there is something to be said about the power of positive thinking. Maybe I should write a book about that. It's a pretty catchy title, don't cha think?
So with that, Carpe Diem. Make it a great day.
Top Security News
This piece on developing a code of ethical conduct for IT workers [6] is actually pretty insightful because we as IT folks do have access to a lot of things we shouldn't. I'm a big fan of saying no one is above the law, but I'm usually talking about the executive suite and the importance of monitoring what they do. But this also needs to apply to us IT folks. Who is watching the watchers? You need to know the answer to that question. Checks and balances work. Remember, the difference between the good guys and the bad guys tends to be the ethical compass that guides their behavior. Make sure yours points in the right direction.
this review of SPI Dynamics WebInspect [7] (h/t to Jeremiah [8]) and I want to see what he has to say about Watchfire, and then some of the source code analyzers etc. Why should I wait? And what if I needed to make a decision RIGHT NOW. OK, off soap box. Looks like SPI has some work to do on AJAX and JavaScript, and given that is the preferred method of writing web apps today - it's a pretty big problem. Does Watchfire have the same problem? If all I had was this review to rely on, I wouldn't know. See, rolling reviews are problematic. They like SPI's new interface and there is a value for testers to find configuration errors and automate the way to find other holes in the application. But it just goes to show that we are still far off a tool that can duplicate what is in the heads (and hands) of application security folks.
Crossbeam announces the new "next generation" X-series "platform," [9] which cures cancer. Actually, it's bigger and badder and harps on their differentiation - best of breed. Of course, not to be outdone, Fortinet also announces a bigger set of boxes [10] and they also use the term "next generation." See, I told you - everything sounds the same. If you are a customer and you can afford these big boxes, then do a bake-off. That's the only way you are going to figure out what will work in your environment.
The Laundry List
- Tips for Mac security. Yes, the Mac is vulnerable too (sorry fanboys) and these tips are good practice for pretty much everyone. - InformationWeek article [11]
- Citrix getting the NAC? Well they bought some assets and hired some people from the late Caymas, which is now officially dead. And if you have a Caymas box, sorry. Did I tell you about the importance of Plan B? - NetworkWorld coverage [12]
- Klocwork puts lipstick on for the "IBM buy me" contest. Buddying up to IBM Rational is a good idea because they'll need a source code analyzer at some point. - Klocwork release [13]
- At least I'm not an elephant vasectomist. Popular Science says being a Microsoft security researcher is worse than a whale-feces researcher. Seriously. I always thought Stepto had a thing for elephant balls. - USAToday coverage [14]
Top Blog Postings
http://mitchellashley.typepad.com/the_converging_network/2007/06/aggregation_is_.html [15]
http://securitybuddha.com/2007/06/11/web-application-firewalls-lets-call-a-fig-a-fig/ [16]
http://infosecplace.com/blog/2007/06/09/managing-expectations-a-valuable-skill-and-worth-the-time/ [17]
Shimmy - http://www.stillsecureafteralltheseyears.com/ashimmy/2007/06/class_warfare_a.html [18]