Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - March 19, 2008

By Mike Rothman
Created 2008-03-19 10:04
Today's Daily Incite

March 19, 2008 - Volume 3, #28

Good Morning:
Man, what a week and it's only Wednesday. I feel like I'm in tar. The more I get done, the more that isn't getting done. Got to love the old hamster wheel. But that's not what I want to talk about today. Basically, it's about peer pressure. I hate peer pressure, but that's just what I got at SourceBoston regarding Twitter. When I questioned the value of telling everyone what I'm up to at every minute of the day - it was like I'm an alien. Or as Martin so kindly put it, a "Luddite!" Although I do know how to spell.

Yes, Rothman is a Luddite

To be fair to Twitter, I can see how useful it is during a conference. You can heckle someone without getting punched in the head. You and your friends can share jokes about the smelly AV guy (and the AV guy at SourceBoston was quite smelly - take a shower bro!). And it does seem to be quick. But for daily activities - I still don't get it. Right, I'm a Luddite.

So I figured I'd share how Twitter would go down for me on a typical day.

Rothman 6:30 AM: Up and Leah is bitching to me about her outfit. Every frickin' morning.
Rothman 7:15 AM: Leah off to the bus. Twins are coloring. Need to make them breakfast. Twins throwing crayons at each other. Another day in the life.
Rothman 8:00 AM: Boss is up, I'm in the office. Scratching my ass. Maybe I should shower more often.

But of course, I can't forget the social aspect of Twitter.

AShimmy [1] - 8:05 AM: Scratching my ass too. Lots of fruit flies here in Boca.
McKeay [2] - 6:10 AM: Got up early to scratch Rich's ass - virtually of course. There is some kind of funky red residue. Don't ask.
MediaPhyter [3] - 7:15 AM: Finally found my Blackberry case. Also has a funky red residue. I'm not going to ask either.
Rothman - 10:30 AM: Forget this security stuff. We need to have an ass scratchers meet-up. Maybe after the blogger meet-up at RSA. Anyone game? I'll bring the latex.
Jack Daniel [4] - 11 AM: Anyone have a mixer? I'm thinking Coke Zero, though it turns your intestines into mush.
Beaker [5] - 11:15 AM: Just changed the name of my blog. Again. Survivability isn't any fun. It's all about sustainability. Rational Sustainability. Like we have to sustain all these crazy social networking things, even though there is very little value and even less of a revenue model.


Right. I don't quite get the value, but that doesn't mean I'm not going to try Twitter. I probably will. But when I want to. Like when my Mom offered me $100 to lose weight when I was 17. I promptly gained another 20. I guess I'm just difficult that way. I do stuff when I want to - not when everyone else wants me to.

Have a great day.


Top Security News

Bill Brenner of SearchSecurity.com covered it last week [14]. Of course other vendors - like Sophos - jumped on with a push to use their web gateway. Funny thing is Trend offers a Web security gateway. Did they not have it running on that site? Did it not work? I'd love to see Trend do a public post-mortem. But I doubt they would. The reality is that everyone's number comes up at some point. EVERYONE. We could all learn from how Trend handled the situation, but I guess that maintaining the perception of invincibility is more important - which is a joke.

7 habits of effective CISOs [16]." I know Stephen Covey's lawyers are probably picking through the piece to find something to sue them over. At least I can feel good that I'm not the only person Forrester's security team blatantly rips off [17]. Morality, patience. This sounds more like the Purpose-Driven life than a set of tactics that security professionals should adopt. But there is some decent stuff in there like running security like a business (damn that copyright lawyer that told me the term was too generic), and to be the king maker, not the king. That's a key clearly. The job of the CSO is clearly becoming one of influence and persuasion - NOT empire-building and mandating action. Ultimately the reason we see a lot more CSOs coming from the business is because they know how to get things done, and that is the #1 habit of an effective anything.

We should embrace Web 2.0 "providing a secure means of developing and deploying such applications." [19] Hat tip to Tekrati for tracking the zillions of releases the big G sends out. How do I provide this "secure means?" Fact is, Web 2.0 is happening and there isn't a damn thing the security folks can do about it - even if we wanted to. I guess you could block Twitter and IM and even blogs - but your users will hate you and they'll go somewhere else. Especially the 20-somethings that actually realize they have a choice about where they can work. I do agree we want to set some policies and maybe even police things a bit, but that's why I take such a pro-monitoring stance. I know we can stop this crap. I just want to know when it puts the rest of my stuff at risk. Then I can REACT FASTER. I know, you are shocked I worked that into the piece.

The Laundry List

  1. Yet another web security plug-in. Is Haute Secure worth anything? Not sure. I need to try it out. - WebWare Blog [21]
  2. Everyone ready for Cisco Patch Wednesday? The 4th Wednesday of March and September Cisco will release patches. Goody. I guess I'll plan to take those days off because everyone patches their routers immediately, right? Yes, that was a joke. - SecurityBytes blog [22]
  3. Secure Computing loses patent ruling to Finjan. What's next? Another two years in appeals court. WooHoo! - Reuters coverage [23]
  4. ArcSight avoids the FIRE curse. Good for them. They hit their first Q out of the gate. But now it's all about the next quarter. That's got to be fun. - ArcSight release [24]

Top Blog Postings

http://www.emergentchaos.com/archives/2008/03/you_cant_say_that_bloggin.html [25]

http://rationalsecurity.typepad.com/blog/2008/03/the-walls-are-c.htmlhow [27]

http://www.matasano.com/log/1026/seven-deadly-pen-test-sins/ [29]


Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-march-19-2008