Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - April 15, 2008

By Mike Rothman
Created 2008-04-15 10:18
Today's Daily Incite

April 15, 2008 - Volume 3, #36

Good Morning:
Oh yeah, April 15. That's right. Everyone in the US knows this as Tax Day. Most folks have their taxes done way ahead of time, especially if they are getting a refund. But not me. No sir. I'd rather let the Feds sit on my refund as long as they can. I wait until the very last minute to get the taxes done. And I mean the VERY last minute. A few years ago, I remember driving up to the post office (who thankfully stays open until midnight) at maybe 11:30 PM to drop off my little package - and make sure it is post-marked for April 15. No, it's not very smart. I get that.

This was, of course, before the time of e-filing. Now I sit in the comfort of my office and bang out the taxes on April 14 or 15, and then hit send. E-filing really has changed the way these things are done. Now I can wait until 11:55 PM on April 15 and not worry about the traffic to the Post Office. Of course, this convenience for me probably hurts the USPS revenues, but oh well. Welcome to the 21st century.

And yes, I still do my taxes myself. Although I'm not really sure why. For the last 15 years I've been using TurboTax, and it works fine. My friends keep telling me I'm an idiot and that I should have someone "professional" do my taxes. You mean the folks at those strip mall tax shops (H&R Block or Jackson Hewitt) are professionals? Seems to me they are basically baristas at Starbucks that make a little extra beer money over tax season.

I'll take TurboTax every day of the week over the barista. Good latte. Schedule C, not so much. Yet, I think my friends are referring to a "real" accountant. Someone that does this stuff every day. They tell me someone versed in tax law will save me lots of money, above and beyond what TurboTax will. Maybe they are right, but it's unlikely I'll find out. I guess I just like doing the taxes. Once a year, going through my finances and seeing how the numbers turned out. I know, that's kind of strange.

Yet, I'm not a big fan of paying taxes. I try to maximize my deductions where I can, without going to jail - of course. It's not that I don't think I need to help keep the country running. But I'd rather direct my funds to charities I believe in, rather than the multi-trillion dollar charity called the US Government. I'd rather send some money to Jerry's Kids [1] or the Cancer Society [2] (and I do), than the fat cat society of back room deals and pork barrel politics.

But every time I grind my teeth thinking about all the waste within the Beltway, I remember back to some great advice my Dad gave me when I was just out of college. I started investing in mutual funds very early and I got my first set of capital gains distributions and the net was that I owed quite a bit on my taxes. I called up my Dad and started bitching.

He asked me a simple question: "Did you make the money?" I said: "Of course I did." Then he said: "Pay the tax. And shut up. Be happy you made money. Now get back to work and make some more." He's right. The US affords guys like me an opportunity I wouldn't have elsewhere. So I'll pay the tax.

And I'll also get back to work. The day is young, I still have tax forms to wade through. Have a great day.

Photo: "Have Fun & Get Your Taxes Done" originally uploaded by Rachel Smith [3]


Top Security News


Solarwinds S-1 [13]. You learn a lot about business models and how things work by reading those things. If you are running a security company and you aren't familiar with Solarwinds' business model, you better figure it out. Thousands of customers, average deal size less than $6K, web-based lead generation, inside sales fulfillment. Huge leverage. Huge margins. Huge profitability. This kind of model can apply to most technology sectors, but it's especially applicable to security - where it hurts to write a big check without the promise of accelerating revenues. Check it out. You'll thank me later.

Stiennon says it's SIM [15], there was a lot of activity around virtualization, data leak prevention and, of course, PCI and compliance. But it doesn't really matter in the real world. That's the big message here. The real world does not care about the RSA show floor. The real world is trying to integrate the ridiculous number of agents on the desktops that are resource hogs and inefficient. They are trying to get that IPS deployed, though it probably looks like an integrated UTM. A lot of folks are still trying to figure out how to deal with spam and web filtering issues (and yes, the right answer is a managed service). They are worried about losing laptops, so laptop data encryption is interesting to them. I'm not sure whether the show floor is 2 or 3 years ahead of the mass market, but those overhyped technologies highlighted at trade shows are a head fake. The lunatic fringe is fun, but it's not reality. 

The Laundry List

  1. Lots of folks wonder how I do what I do (and get paid). Good March InformationWeek article on small, "web worker" types of businesses. It takes some cojones, but it's possible. - InformationWeek coverage [17]
  2. It was also clear last week that application security is EARLY, like two or three cell bacteria early. Fortify is broadening the suite, and that's good - but you can't push on a string. - ZDNet coverage [18]
  3. Security outsourcing still causing angst. Don't these folks get it? It's about the stuff you don't want to do, or can't scale effectively. There are no awards for doing everything yourself! - NetworkWorld coverage [19]
  4. If you believe 802.1X is important for NAC adoption (which I don't BTW), then you'll be interested in the test of how switches support the protocol. Surprisingly enough, it's all over the map. - NetworkWorld Clear Choice Test [20]
  5. Shockingly enough, Seltzer's got it right about NAC. It's a feature, that's for sure - but it's going to be years before it's baked in. So there is a small window for the independents, but it's going to close quickly. - Seltzer's eWeek column [21]
  6. The next version of PCI DSS is due in September. Let's start a pool to see how it will change, and how screwed all of the retailers will remain. - SearchSecurity coverage [22]
  7. Like giving it away is going to help... VeriSign tries to kick start its VIP Network by giving away 5,000 credentials. The tribe has spoken and VRSN is not the IDSP (identity service provider). - VeriSign release [23]

Top Blog Postings

http://www.bloginfosec.com/2008/04/03/does-security-awareness-work-some-answers-from-experimental-research/ [24]

http://www.riskbloggers.com/jimreavis/2008/04/whats-wrong-with-firewalls/ [26]

http://anti-virus-rants.blogspot.com/2008/03/av-comparatives-vs-panda.html [28]


Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-april-15-2008