Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - March 4, 2008

By Mike Rothman
Created 2008-03-04 10:26
Today's Daily Incite

March 4, 2008 - Volume 3, #22

Good Morning:
I don't know when it happened, but it happened. I got old. Yeah, the gray hair is the first indication, but I have a genetic thing there - my hair has been graying rapidly since I was about 28. I'm getting some of those wrinkle lines around my eyes and on my forehead, but I figured that's because my face was scrunched up most of the time to avoid saying something mean. I'm sure my facial expressions speak volumes, but I've been trying to not say what I think to people I don't know well.

But this has nothing to do with the physical side. In fact, I feel as young as I have in a long time. It's my mentality. I'm sitting in a lunch deli grabbing a vege sandwich and two adolescents walk in. At least they looked like adolescents. I couldn't believe either of them could drive. Then they proceed to start throwing F-bombs and talking about the need to go score some alcohol.

Evidently one of them turned 21 that very day, and he wanted to exercise his newfound freedom. As opposed to remembering (or not remembering) my 21st birthday (yes, I still have the empty bottle of Jose Cuervo), all I could think of was how much I wanted to hit both of these kids with a bat. I'm not even sure why, but that's what I was thinking. Yes, it's a good thing that I work alone most of the time.

Then I got it. I'm friggin' old. I don't get MySpace. I'm not on Facebook. I don't Twitter, but that's a topic for another day. My liver is tired, I guess. Sure, a few times a year I'll tie one on. I can still drink enough to sink a battleship when I get going. But most of the time I'm not into it. My kids will jump on me just the same at 7 AM that next morning, and it's no fun when my head is pounding BAD. No amount of Gatorade and Advil can make that 7 AM wake up call feel good.

The Boss doesn't drink anymore, so without a drinking partner, it's kind of lame to get all liquored up and then puke on the carpet. I never wanted to be that guy that gets hammered in the comfort of his own living room by himself. I guess it's true. I'm old. But all is not lost. I figure I still have a few great stories left in me. Like my Dad, who passed out ON the bar at my wedding. Literally. We had to get a wheelchair to cart him upstairs. Then he booted all night and most of the drive back to NY. His Boss was none too pleased, but we were - especially since we took pictures. Those images still bring a huge smile to everyone who was there.

But the fact remains that I'm much closer to the end of my binge drinking career than the beginning. I'll just let those kids be and hope they don't get behind the wheel when they are tanked and hurt someone. I'll be happy that I actually lived to tell the tales of some of the really stupid things I've done. And I'll be grateful that I'll actually have relevant advice when my kids get to the point that they are all fired up to go and exercise their newfound ability to buy booze.

I can tell them I've been there, done that and puked on the T-shirt.

Have a great day.

PS: I finished up all of the Days of Incite last week (YAY!). You can check out all the posts using the "Days of Incite [2]" tag on the Security Incite site (say that 10 times fast).

Photo credit: Happy Hour uploaded by chiwan [3]


Top Security News

Internet Evolution column Patrick J. Dempsey talks about international cybercrime [12] and why most governments are horribly unprepared to defend themselves or their citizens. It gets back to the money quote: "The fact is that Internet crimes are almost always international crimes." That's right and further complicating the fact is that most of the perpetrators hide behind layers and layers of zombies and other obfuscation techniques to stay hidden. Organized crime-based money laundering engines clean the money and it is increasingly becoming a well-oiled machine. And it's not clear how to stop it, and I doubt McDreamy's idea of Internet governance has any legs. Gosh, we can't even get consensus in the US between our two major parties, the idea that we are going to agree with China and Chechnya about how to regulate the Internet - not likely. It would be great, but it's not likely. Thus we continue to focus on trying to contain the "shrinkage" to a manageable number and realize, like every other business, fraud adds some drag to the system. And no, this Patrick Dempsey is not the actor.

2008 Incite called Hack Thyself [14] dedicated exclusively to it. But if it's good for the goose, evidently it is good for the gander as well. According to Panda, the bad guys are starting to test their malware [15] to make sure it works as intended and can skirt the common defenses. This isn't novel, by the way. Spammers have been banging their creations against all sorts of spam gateways to test their stuff for years. With the availability of free and/or cheap services, why wouldn't the bad guys take their stuff on a test run? Stay focused on the prize, if the bad guys have figured out that testing is important, what are you waiting for? Sure I know the list is long, but how do you know what to do unless you know what's really exposed?

surveys that show about the severe skills shortage in the security business [17]. Here's the issue in a nutshell: Most organizations are not realistic in what they are looking for. The reality of the CSO's job today is that they need to also be a talent creator. The talent isn't there, so we have to grow it. Look to places like the network team or the help desk to find internal talent. Or go to a bunch of the technical colleges that now have specializations in security. These folks are motivated and they want to make a difference, but they keep being stonewalled by short-sighted companies that think paying Lee Kushner a boatload of coin is going to solve their problem. It's good for the experienced folks, since their perceived value goes up - but remember if these experienced folks are so willing to follow the money to your shop - what makes you think they won't continue following the money? Establish a farm system. Invest in it. Give some of these folks a chance. Or continue to complain about why you can't find qualified folks to do the job. The choice is yours.

The Laundry List

  1. Cenzic's trend report shows what we already know, web security is an issue. Interestingly enough, IE was the "least vulnerable" browser in Q4. What the hell does that mean and why does that matter? - Cenzic release [19]
  2. Guidance announces Q4 and full year results. They aren't really covered by too many Wall Street houses, so it's not clear where the bar is. - Guidance earnings release [20]
  3. MSS continues to be the salve to ease all of the VAR woes out there. Just ask Ingram, who's now offering Alert Logic's stuff to their resellers. The real question is how much is left for Alert Logic with Ingram and a network of resellers with their hands in the cookie jar. - Alert Logic release [21]
  4. LogRhythm announces the latest version of their stuff. Marketing differentiation is gone from that market. Everything officially sounds the same now. - LogRhythm release [22]

Top Blog Postings

http://www.computerweekly.com/blogs/stuart_king/2008/02/a-few-days-ago-i.html [23]

http://1raindrop.typepad.com/1_raindrop/2008/02/security-deploy.html [25]

http://rationalsecurity.typepad.com/blog/2008/02/availability-co.html [27]


Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-march-4-2008