Published on Security Incite: Analysis on Information Security (http://securityincite.com)

The Daily Incite - April 28, 2008

By Mike Rothman
Created 2008-04-28 09:56
Today's Daily Incite

April 28, 2008 - Volume 3, #41

Good Morning:
Friday night I went to go see the Boss. No, not the Boss that I live with, but THE BOSS. That's right, Bruce Springsteen and the E Street Band. I do have to admit that I'm not the biggest Bruce fan. I do love his classic stuff. But he jumped the shark with Born in the U.S.A. and was in a slump for a couple of decades. A few years ago, things started moving in the right direction (IMO anyway). The Rising was OK and showed some life, and the new album (Magic) is fantastic.

But that's the recorded music. If Springsteen comes to your town, you go. Those folks put on a great show. They played for about 2:45 and took like no breaks. The band was tight, really tight. You can check out the set list [1], but what was most impressive was the number of audibles they called during the show. Bruce would pull a poster naming a song out of the crowd, motion to the band, and they'd launch into it.

You can tell, even after doing this for 35+ years, they all still love it. It's their passion. There isn't anything they'd rather be doing. It was inspiring and got me to thinking about how many of us can say the same thing. Is there anything else you'd rather be doing right now? Do you feel that way more often than not? 

That's a pretty instructive question. Be honest with yourself. If the answer isn't what you think it should be, then start thinking about what changes you can make. Life is too short to be doing stuff you hate. It's not always possible, but you can strive for it, no?

Which brings me to my next topic, a guy who has maybe too much passion. The NFL draft was this weekend, which means that loudmouth Mel Kiper, Jr. [2] was everywhere at all times. What a gig that guy has. I'm not sure what he does for the other 11 months of the year, but starting at the NFL combine, all you hear is Kiper. He's less grating than he used to be, but still. Thankfully we won't have to hear from him again until next March.

The G-men had a pretty good draft and being a Falcons season ticket holder, I'm hoping Matt Ryan lives up to the hype. The few days after the draft are always about what could be. Living in the future is OK, but sooner or later you need to get on the field and play. When does training camp start again?

It doesn't feel like Monday, does it? I think the weeks just keep running and running and running. I'm taking some time off towards the end of the week. So I'll be doing a P-CSO newsletter tomorrow and then the final TDI for the week on Wednesday. Many miles to traverse between now and then.

Have a great day.

Photo: "Bruce Springsteen & The E-Street Band en Madrid" originally uploaded by Bisharron [3]

Technorati: Information Security [4], CSO [5], Security Mike [6], Internet Security [7]


Top Security News

the survey they commissioned Frost and Sullivan to do [12], there will be 2.7 million security professionals by 2012. The survey also goes into a bunch of skills these security professionals need [13]. Amazingly enough, getting a CISSP is top of the list. I'm kidding. The survey is interesting, but (and I know you are shocked) I have a different opinion. I think there will be 0 security professionals in 2012. That's right, ZERO. I think there will be network folks that specialize in security, and also some data center folks and even more application folks that are security specialists. OK, these are word games and a bit of semantics, but I think it's an important point. If anyone thinks their only job is going to be security in 4 years, I suspect they'll end up as a petroleum product sooner rather than later. OK, maybe not 2012, but I'm with most of the big mouth security pundits in saying security as a business will be going away within a reasonable long-term planning horizon (7-10 years). So start practicing, "I do secure networks." Not "I do network security." There is a big difference.
Link to this [14]

flogging the idea of reputation on all of the security devices [15]. This isn't a unique story (Secure and BorderWare have also been espousing reputation everywhere), but there is something there. If I can get a clue about the intent of someone trying to connect to my networks, then I have a better chance of reacting a bit faster to what they are doing, as opposed to waiting for my IPS to figure out it's really an attack. Reputation has worked very well in the anti-spam business. Its utility isn't as clear in the web filtering space and even less on the firewalls, but the concept makes sense.
Link to this [16]
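The reaction-time argument in the item above is easiest to see with both stages side by side. The block below is an added illustration, not code from Security Incite or from any vendor named in the post: a reputation score on the connecting host can decide on the very first request, while the signature stage has to wait for a payload that matches something it knows. Every address, score, signature and log line is constructed for the example, and the two-stage layout is a generic sketch rather than any product's design. It also encodes the post's caveat about firewalls: a mid-range score only escalates to inspection, because a shared NAT or proxy address can inherit a bad score from one tenant.

```python
"""Reputation-before-signature connection triage (added example).

Generic two-stage filter: reputation on the source first, then a signature
check on the decoded request. All data below is constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote

# Constructed reputation feed: source IP -> badness score in [0, 100].
REPUTATION = {
    "198.51.100.7": 95,   # constructed: listed as a botnet controller
    "203.0.113.44": 60,   # constructed: recent spam source, not confirmed hostile
    "192.0.2.10": 5,      # constructed: long-standing clean history
}

# Constructed IPS signatures: substring of the decoded request -> signature name.
IPS_SIGNATURES = {
    "' OR 1=1": "SQLI-TAUTOLOGY",
    "../../": "PATH-TRAVERSAL",
}

BLOCK_THRESHOLD = 90    # reputation alone is enough to drop the connection
INSPECT_THRESHOLD = 50  # reputation alone only escalates to deeper inspection

# Constructed log format: "<timestamp> src=<ip> uri=<request-uri>"
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) uri=(?P<uri>\S+)$")


@dataclass
class Verdict:
    src: str
    action: str   # "block", "inspect" or "allow"
    stage: str    # which stage decided: "reputation", "ips" or "none"
    reason: str


def reputation_stage(src: str) -> Optional[Verdict]:
    """Decide from the source's reputation alone; unknown sources score 0."""
    score = REPUTATION.get(src, 0)
    if score >= BLOCK_THRESHOLD:
        return Verdict(src, "block", "reputation", f"score={score}")
    if score >= INSPECT_THRESHOLD:
        return Verdict(src, "inspect", "reputation", f"score={score}")
    return None


def ips_stage(src: str, uri: str) -> Optional[Verdict]:
    """Signature match on the decoded request; can only fire once a payload exists."""
    decoded = unquote(uri)
    for fragment, name in IPS_SIGNATURES.items():
        if fragment in decoded:
            return Verdict(src, "block", "ips", name)
    return None


def triage(src: str, uri: str) -> Verdict:
    """Reputation first, then signatures; a mid-score host is inspected, not dropped."""
    rep = reputation_stage(src)
    if rep is not None and rep.action == "block":
        return rep                      # decided before any payload was needed
    sig = ips_stage(src, uri)
    if sig is not None:
        return sig
    if rep is not None:
        return rep                      # "inspect": log it and hand to deeper analysis
    return Verdict(src, "allow", "none", "no signal")


def triage_log(text: str) -> list:
    """Run both stages over connection log lines in the constructed format."""
    verdicts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                    # skip lines that do not fit the format
        verdicts.append(triage(m["src"], m["uri"]))
    return verdicts


# Constructed sample log. The first line is the key case: the request looks
# harmless and matches no signature, so only the reputation stage can act on it.
SAMPLE_LOG = """\
2008-04-28T09:56:01 src=198.51.100.7 uri=/login
2008-04-28T09:56:02 src=192.0.2.10 uri=/item?id=1%27%20OR%201=1
2008-04-28T09:56:03 src=203.0.113.44 uri=/index.html
2008-04-28T09:56:04 src=192.0.2.10 uri=/index.html
2008-04-28T09:56:05 src=192.0.2.99 uri=/static/..%2F..%2Fetc/passwd
"""

if __name__ == "__main__":
    for v in triage_log(SAMPLE_LOG):
        print(f"{v.src:14} {v.action:8} via {v.stage:10} ({v.reason})")
```

Running it shows the split the post describes: the listed controller is dropped on a request that no signature would ever flag, the clean host with a tautology in its query is caught only by the signature stage, and the spam-tainted address is merely escalated, which is the conservative choice when a score may belong to a shared address rather than a single hostile host.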

Dana Hendrickson lampoons a recent Impulse Point release talking about "Green NAC." [17] No, that's not a NAC appliance you leave outside too long until it gets all mossy. These folks figure they can save you 92% in energy costs. Is that a key NAC differentiator? That would be the first I'd heard of that. And the basis of the argument isn't that their industry standard appliance is any more power efficient than the other guys'. It's that they require fewer appliances. Boy, that's a stretch. Let's suspend disbelief and think for a minute: if this were true, why not just get one of the UTM devices that claims to do NAC as well? Wouldn't that save even more power, because everything is on one box? While we are at it, why don't we just run VMware on the mainframe and have everything virtualized on the Big Iron. Power to the People. Bring back the mainframe. Bring it back right now! Who knows how to tie a noose?
Link to this [18]

The Laundry List

  1. The answer to PCI is SSO? According to an SSO vendor it is. But the byline reads like news and some unsuspecting sap is going to actually believe it. - TechNewsWorld coverage [19]
  2. Virtual UTM is coming. You heard it here first. Blue Lane adds a firewall to their VirtualShield. Soon it'll have VPN and anti-spam. We don't need no stinkin' 1U's. - Blue Lane release [20]
  3. Outsource incident response? Why not, if you can't do it internally? SecureWorks announces a set of services around planning incident response and then doing forensics. - SecureWorks release [21]
  4. IBM ISS targets the mid-market with security "as a service." I guess if you can't sell them products anymore, you may as well try to sell a service or 10. - IBM release [22]

Top Blog Postings

http://thurston.halfcat.org/blog/2008/04/14/metrics-and-oranges/ [23]
Link to this [24]

http://techbuddha.wordpress.com/2008/04/24/5-security-metrics-that-matter/ [25]
Link to this [26]

tie that noose [27].
http://www.emergencemarketing.com/2008/04/16/measuring-marketing-effectiveness-is-hard…/ [28]
Link to this [29]


Source URL:
http://securityincite.com/blog/mike-rothman/the-daily-incite-april-28-2008