logo
Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - October 3, 2007

By Mike Rothman
Created 2007-10-03 06:45
Today's Daily Incite

October 3, 2007 - Volume 2, #138

Good Morning:
Interestingly enough, I get a number of questions about career development every month. Considering my career path, I find that nothing short of amazing. I guess folks are interested in the perspectives of an ADD-ridden (career-wise anyway) sort of technical guy, sort of marketing guy, sort of pundit guy - who's never held down a job for more than 5 years and has an opinion about everything.

I feel less than qualified to really advise people on career topics, but I'll certainly share my opinions for what it's worth. In reading Marc Andreessen's series on career development, including this fantastic second post about skills and education [1]. I kind of get the same feel. This is a guy who has been a success since he stepped off his college campus. His was one of the founders of Netscape and he's had a lot of success since then. He's been chief technical guy, CEO, Chairman, etc. Not sure he can really empathize with the young folks out there or the folks that have gotten to a dead end in their careers.

But the fact remains that you can learn a lot by seeing other people screw things up. The post is great and provides a lot of very actionable advice to folks at all career levels. Clearly Marc has picked up a lot in his travels. I especially like the idea of actually challenging yourself, as opposed to going through the motions and being busy because you don't know what else to do. To be clear, I've had a few advantages (education, supportive parents, etc.), but nothing was handed to me. One of the best days of my life was the day I didn't need to ask my folks for money anymore. I've been very fortunate to not have asked since then either.

I'm on board with the idea of getting a technical education. I've got a bunch of friends that went from Engineering School to business, medicine, law, even public service. Just because you study something doesn't mean that you practice it. That fact that I learned a trade in college (though I never actually practiced Operations Research) allowed me to step into a more in demand profession (computer programming) right out of college. I hated it and left within a year, but it got me started on my path of finding what I like to do. Most importantly, my technical education taught me how to solve a problem. Since I seem to find problems wherever I go, that's a pretty good skill to have. 

It's also great advice to constantly be striving to learn new things and expand your horizons. My Mom started to learn Spanish after she turned 60. It's great to see her engaged in a new pursuit and expanding her mind. It's never too late to take a class or pick up a new hobby or just read a book about a topic you know nothing about. What's the worst that can happen? You find out you can't stand Civil War history? Neither do I.

The best piece of advice I can give is to just try a bunch of stuff. Screw up. Find out what you DON'T like. That gets you one step closer to finding what you love. What you are passionate about. The reality is, if you hate your job you are going to suck at it. So find something you like and don't be afraid to change if you aren't happy.

I kind of had an unfair advantage in that department. My Dad started as a Pharmacist. One day he told us that he sold his Pharmacy and was going to law school. He was 38 at the time. Right, he made the decision to have no income for 3 years while he studied law and then he'd start building his own practice. That takes some stones. I learned that you don't have to settle if you aren't happy, no matter what the risks.

My father-in-law has a similar story. He left retail after 20 years and became a stock broker. He's never looked back and that was almost 30 years ago. He already knew what he loved to do because the Boss tells stories of him charting stocks on his days off from his store. Now he gets to do his hobby every single day. He'd do it for free, the fact that he get paid is just icing on the cake.

That's my big advice for the day. If you don't love what you do, find something else. If you like what you do, just not where you do it, find someplace else. Every day is a gift, don't squander it doing something you hate in a place that makes your skin crawl. Life is too short. It really is.

Have a great day.


Technorati: Information Security [2], CSO [3], Security Mike [4], Internet Security [5]

The Pragmatic CSO [6]
The Pragmatic CSO:
Available Now!

Read the Intro and Get
"5 Tips to be a Better CSO"

www.pragmaticcso.com [7]
 Get Your Special Report:
6 Easy Steps to Protect Your Identity
and
pre-order your copy today

www.securitymike.com
 [8]
Security Mike's Guide to Internet Security [9]

Top Security News

Stories like the CFO of Mesa Airlines getting into trouble for destroying data (though he maintains it was just porn), just make me cringe [10]. It's not like you don't have alternatives to be a little more "private." Buy a Mac and learn how to use private browsing in Safari. No, I wouldn't know anything about that. Actually Safari runs on Windows now, so you Windows deviants are in luck. It seems your luck is going to get better, since a UK company is introducing a new browser that leaves no trails [11]. No cache, no cookies, no nothing. It also connects through a proxy out in the Internet, so where you connect from can't be tracked either. Best of all, it runs off a USB drive - so there really is no trace. Wonder if these guys will be bundling it through some of the finer "subscription sites" out there? Maybe they need a business development guy.
Link to this [11]

Interesting article here on CRN about the fact that some VARs are not going to be able to make the transition from box pusher to service provider [12]. Many are having a problem as product margins are constantly shrinking and focusing the business on consulting or managed services is hard. It does require a different business model, go to market strategies, cash flow management, and about a million other things that are different. But you know the story - adapt or die. These kinds of eventual shake-outs are good. The fittest will prosper in this new age, where customers (especially small customers) just want a computing utility and they want that utility to be secure. Some security specialists may be going to market VIA an application or other infrastructure provider not too long into the future. Change is good, as long as you are on the right side of it.
Link to this [12]

Network Computing's Mike Fratto has it right [13]. NAC is oversold. There are features missing. No one has the whole product yet. And inevitably when this kind of thing happens for too long customers get disappointed. Then they wait. As products mature and requirements become mainstream, then the technology takes off. As long as a new exciting widget hasn't appeared to flash more shiny lights in the eyes of security professionals.
Link to this [13]

The Laundry List

  1. HP and Cenzic kiss and make up. Or one realized that the opponent spends more on toilet paper in a month than they've raised in venture capital. Either way, now everything is happy happy. - Cenzic release [14]
  2. McAfee goes for the "triple play." But it's really about trying to bundle more crap in before folks realize the consumer security suite is an endangered species (if Security Mike has anything to say about it). - McAfee release [15]
  3. No news is good news on Vista SP1. Maybe some drivers that work will be available, though Big AV is happy - they are getting their APIs to hook into Security Center.  - ComputerWorld coverage [16]
  4. More security marketing gone wild. Lumigent claims the most "comprehensive" PCI Solution. Compared to what? You can't buy PCI compliance, no matter what a press release says.  - Lumigent press release [17]

Top Blog Postings

http://www.emergentchaos.com/archives/2007/10/apples_update_strategy_is_1.html [18]
Link to this [18]

http://securosis.com/2007/09/24/the-data-security-lifecycle-beta-1/ [19]
Link to this [19]

http://jeremiahgrossman.blogspot.com/2007/10/1000000-xss-vulnerabilities-and.html [20]
Link to this [20]

http://securitymike.blogspot.com [21]

Check out the latest on the Security Incite blog
http://blog.securityincite.com/ [22]

Read the most recent Daily Incite
http://securityincite.com/security-incite-rants/daily-incite [22]

Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-october-3-2007

Links:
[1] http://blog.pmarca.com/2007/10/the-pmarca-guid.html
[2] http://technorati.com/tag/information%20security
[3] http://technorati.com/tag/CSO
[4] http://www.tecnorati.com/tag/Security%20Mike
[5] http://www.technorati.com/tag/Internet%20Security
[6] http://www.pragmaticcso.com
[7] http://www.pragmaticcso.com/
[8] http://tdi.securitymike.com
[9] http://tdi.securitymike.com
[10] http://ethisphereblog.com/mesa-airlines-cfo-scrambled-to-erase-porn-not-valuable-evidence/
[11] http://www.networkworld.com/news/2007/100207-zero-footprint-browser.html
[12] http://www.crn.com/it-channel/202103682
[13] http://www.networkcomputing.com/blog/dailyblog/archives/2007/10/is_nac_ready_fo.html
[14] http://biz.yahoo.com/iw/071001/0308605.html
[15] http://biz.yahoo.com/prnews/071001/aqm117.html?.v=19
[16] http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=development&articleId=9039958&taxonomyId=11&intsrc=kc_top
[17] http://biz.yahoo.com/prnews/071002/netu093.html?.v=22
[18] http://www.emergentchaos.com/archives/2007/10/apples_update_strategy_is_1.html
[19] http://securosis.com/2007/09/24/the-data-security-lifecycle-beta-1/
[20] http://jeremiahgrossman.blogspot.com/2007/10/1000000-xss-vulnerabilities-and.html
[21] http://securitymike.blogspot.com
[22] http://blog.securityincite.com/