December 5, 2007 - Volume 2, #160
Good Morning:
All's fair in love and war - or so the saying goes. "Fair" is kind of a hard concept to grok, especially for a kid. Last night was the first night of Hanukkah, so the kids were very excited - especially when the Boss lined up all the presents by the fireplace. But then there is the inevitable, why did he (or she) get more presents? THAT'S NOT FAIR!
Of course, the fact that we got Lindsay a bunch of fake jewelry that in total amounted to about half the price of the High School Musical 2 calendar that we got Leah was totally lost. It's not about the value - it's about the sheer number. The boy was enamored with his Pirates of the Caribbean towel, so we didn't hear a peep from him. I'm thinking that next year we'll just get the kids 20 M&M's. Then they'll have nothing to bitch about - except the 3 cavities they'll get.
Talking about fair, down in the ATL there was a lot of rumbling about how the BCS just isn't fair. The hometown Bulldogs were ranked 4, didn't play, the top two teams lost and they still ended up ranked 5 and in the lowly Sugar Bowl. How does that work? IT'S NOT FAIR.
But does it really matter? Part of me wants to tell the kids and the Bulldog nation the cold hard truth that life IS NOT fair. Why do some folks pick the right company and get rich, without doing much? Is it fair that the first masseuse at Google retired 4 years ago and now has her own foundation? Is it fair that an IT guy that is in charge of a high profile manufacturing system can actually become a hero and us security folks are lucky to not get a sharp stick in the eye on a typical day?
Life is not fair, deal with it. Personally I used to get all bent out of shape about things like this. It gets back to my hyper-competitive nature. I would see red when a competitor copied my announcement or fabricated features or basically just did the things that aggressive start-ups do to keep the lights on. I never got an ulcer, but I definitely could have. I took all of that stuff very personally.
I can say that working for myself has been therapeutic in that regard. Now I don't need to compete anymore, with anyone. I know what my number is every month and if I can do that, I'm a happy guy. That doesn't mean that I don't enjoy working with clients that are competing in their respective markets. Or working with companies that are trying to treat security more strategically. That's a lot of fun and really the part of my job that I love the most. But not having to own it has been great for my quality of life.
Not that everyone can just step off the hamster wheel and make it work. I know how lucky I am that I can and have. But as we are entering the holiday season and we all need to take a look at 2007 somewhat critically before we head into 2008, really take a look at what is fair, what isn't, and whether it really matters at the end of the day. If you aren't happy doing what you are doing, put a plan in place to make some changes.
You don't want to look back in 20 years and say it wasn't fair. Have a great day.
Top Security News
"next generation" firewall (as covered in Dark Reading) [9], my conspiracy theory gene goes into high gear. Like with every new version of Microsoft Office - do we really need any of this new crap? Is there any reason that we need to think about upgrading our firewalls? Don't they work pretty OK? As opposed to the office automation business, the attack surface is changing quickly enough that it does make sense to revisit the functionality that is built into our base defenses. So the new new thing in firewalls is this "application awareness," with folks like Palo Alto trying to convince customers that the firewall emperor has no clothes and they need to know more about applications. But the existing firewall powers will not lie down and they all are saying they already look into the application traffic. Do they? Who knows? Does it matter? Probably not. As long as the vendors say they do it, most customers are willing to believe them. Sad but true. It also turns out that the new new firewall also does alot of other stuff, like Check Point basically adding anti-spam to their UTM box [10]. Is it best of breed? Do you care? Is it good enough? Probably. So we continue to see stand-alone markets go the way of the dodo bird. Big is the new small, haven't you heard?
Interesting column here from Paul Raines, who is a well-traveled CSO, railing about the differences between US, British, German and French speakers [11]. His comments about the US speakers actually hit a bit too close to home, and there is definitely truth to the characterizations of the other geographies and cultures. So what? Basically, as a security practitioner within a global organization, you need to factor in specific cultures in how you tell your stories. The reality is the day of the CSO having an empire is over. The job is all about persuasion nowadays. You need to convince these folks that doing security well and adhering to the program and protecting the data is in their best interest. But just as each business unit will have different hot buttons depending on what they are responsible for, each geography will need to hear the story in the way that will resonate with them. And if you can't tune your message accordingly, your chance of success in persuasion is nil.
Reconnex announced an OEM for their DLP appliance with Cisco's IronPort group [12]. This is great news for a fledgling start-up, no? Doesn't this legitimize Reconnex as a player in the DLP space, especially given that they are one of the only remaining start-ups? Well, yes and no. Clearly Cisco can pick and choose who they want to work with, so this does validate Reconnex's technology. But not the DLP business. If it was that real, then Cisco would have bought, as opposed to "renting." For some more bad news, let's remember that Cisco tends to NOT acquire the technology that they OEM. Anyone remember that host IPS technology that Cisco dealt with? I can't even remember the name, maybe Entercept. The history keeps repeating itself. Cisco figures out they can actually sell it, and if that works then they go shopping for the solution they really want. In the HIPS example it was Okena. Customers that bought Entercept be damned. There are examples of this in network management and lots of other spaces. So all that glitters may not be gold. UPDATE: I got this wrong. Please refer to December 6th Incite [12] for more details.
The Laundry List
- Irdeto (who?) buys the Cloak-ware. Now we need to deal with the Netherlands content security invasion? - Cloakware release [13]
- More giving away the razor to sell the blades (I mean renewals). McAfee signs up Cox as a distribution channel. - McAfee release [14]
- IronPort does their 2008 predictions, not much new here. Get ready for the flood of vendors trying to predict the future. Who will be the first to say they'll get bought by Cisco for $800 million? - IronPort release [15]
- The Mogull publishes his doctoral thesis on DLP. Does that mean we need to call him Dr. M now? - Securosis blog [16]
Top Blog Postings
http://blog.mozilla.com/security/2007/11/30/critical-vulnerability-in-microsoft-metrics/ [17]
http://www.networkworld.com/community/node/22541 [18]
http://sm-blog.securitymike.com [19]