Friday Summary: May 1, 2009
Sometimes the most energizing thing you can do is absolutely nothing. Last week at RSA was absolutely insane, in a good way. It’s kind of like being a kid and going to summer camp. You get to see all the friends who live in other towns, you all go nuts for a week with minimal supervision, and then everyone staggers home all excited. Between the Recovery Breakfast, 4 official RSA panels, a Jericho panel, my 160+ slide Friday morning session with Chris Hoff, and the nonstop speed-dating during the day, and parties at night, I should really be in much worse shape. But I found this year’s RSA to be incredibly motivating on multiple levels. First, I think this is absolutely one of the best times to be in information security. Yes, major crap is hitting the fan all over the place, including massive national security, financial, and infrastructure breaches, but security is also hitting the front pages and reaching into the common consciousness. This is exactly the kind of environment true security professionals thrive on – with challenges and opportunities on all sides. As someone who loves the practice and theory of security, I find these challenges to be absolutely energizing and I wouldn’t want to be doing anything else. Well, except for maybe being an astronaut. Next, RSA was extremely motivating from a corporate standpoint. I won’t say much, but it validated what we’re trying to do, and how we are positioning ourselves. Finally, it was a very motivating week on a personal level. I used to have friends at work, and acquaintances in the industry. But these days I find some of my closest friends are scattered throughout the world in different jobs. I realized I spend more time interacting with many of you than I do with my local ‘meatspace’ friends outside of the industry. I especially appreciated the group that took me out for my birthday on Monday night – it really eased the pain of spending yet another family event away from my wife and (new) daughter. 
After RSA I took 4 days off, and the combination of intensity followed by relaxation was a major recharge, but didn’t leave me much content for this week’s summary. Except stay away from, like, every Adobe product on the planet since they are all full of 0days. One reminder – if you’d like to get our content via email instead of RSS, please head over and sign up for the Daily Digest (it goes out every night). We’re also thinking of creating a Friday Summary-only version, so let us know if that would be of interest. And now for the week in review:

Webcasts, Podcasts, Outside Writing, and Conferences

- Martin and Rich on the weekly Network Security Podcast.
- I did a series of three videos and an executive overview on DLP for Websense. It was kind of cool to go to a regular studio and have it professionally edited. The videos (all about 2 minutes long) and Executive Guide are designed to introduce technical or non-technical executives to DLP. It’s all objective stuff, and cut-down versions of our more extensive materials.
- I show up in the Sydney Morning Herald, based on some TidBITS/Mac writing.
- Speaking of TidBITS, I wrote up some thoughts on how to read Mac security articles.
- I was quoted in a TechTarget article on cloud computing, based on my involvement in the Jericho panel.

Favorite Securosis Posts

- Rich: The latest Project Quant post – we really need your feedback on the patch management cycle!
- Adrian: Rich’s post on the Security Industry Anti-Disambiguation Movement. Having watched this first-hand at a couple of startups, I know how well the mere mention of a competing technology by one of the major competitors could halt your POC process in an instant.

Favorite Outside Posts

- Adrian: Favorite external was Greg Young’s comment on Becoming the Threat … An excellent analysis of something we see in society, and certainly something that is a problem here in Phoenix. Oddly, this is something I do NOT see with most corporate IT. Why is that?
- Rich: Chris Eng’s Decoding the Verizon DBIR 2009 Cover. Very cool.

Top News and Posts

- Joint Strike Fighter plans nicked. Will someone in charge WAKE THE FUCK UP!
- Good: Microsoft removes ‘AutoRun’ option for memory sticks. Bad: Pushing 8 out through auto-update? What if I don’t want it?
- Targeted worms and banking scams.
- Adobe is having a seriously bad run. More 0days.
- Interesting take on WAF+VA.
- The Black Hat call for papers is extended.

Blog Comment of the Week

This week’s best comment was from Ant in response to Rich’s post on the Security Industry Disambiguation Movement.

Well I might not have chosen those terms, but I personally* fully endorse the sentiment! A different problem arises where a perfectly serviceable term is pressed into use in several different but not wholly dissimilar markets, leading to ambiguity and confusion – e.g., identity management, policy management. So… it’s not strictly anti-disambiguation, but some vendors are guilty of disingenuously using a term which doesn’t apply to them in their market. – Ant

* i.e., this is not (necessar