Incite 1/22/2014: The Catalyst
I was on the phone last week with Jen Minella, preparing for a podcast on our Neuro-Hacking talk at this year’s RSA Conference, when she asked what my story is. We had never really discussed how we each came to start mindfulness practices. So we shared our stories, and then I realized that given everything else I share on the Incite, I should tell it here as well. Simply put, I was angry and needed to change.

Back in 2006 I decided I wanted to live past 50, so I started taking better care of myself physically. But being more physically fit is only half the equation. I needed to find a way to deal with the stress in my life. I had 3 young children, was starting an independent research boutique, and my wife needed me to help around the house. In hindsight I call that period my Atlas Phase. I took the weight of the world on my shoulders, and many days it was hard to bear. My responsibilities were crushing. So my anger frequently got the best of me.

I went for an introductory session with a life coach midway through 2007. After a short discussion she asked a poignant question. She wondered if my kids were scared of me. That one question forced me to look in the mirror and realize who I really was. I had to acknowledge they were scared at times. That was the catalyst I needed. I wasn’t going to be a lunatic father. I need to change. The coach suggested meditation as a way to start becoming more aware of my feelings, and to even out the peaks and valleys of my emotions.

A few weeks later I went to visit my Dad. He had been fighting a pretty serious illness using unconventional tactics for a few years at that point. I mentioned meditation to him and he jumped out of his chair and disappeared for a few minutes. He came back with 8 Minute Meditation, and then described how meditation was a key part of his plan to get healthy. He told me to try it. It was only 8 minutes. And it was the beginning of a life-long journey.

These practices have had a profound impact on my life.
6 years later it’s pretty rare for me to get angry. I am human and do get annoyed and frustrated. But it doesn’t turn into true anger. Or I guess I don’t let it become anger. When I do get angry it’s very unsettling, but I’m very aware of it now and it doesn’t last long, which I know my wife and kids appreciate. I do too.

Everyone has a different story. Everyone has a different approach to dealing with things. There is no right or wrong. I’ll continue to describe my approach and detail the little victories and the small setbacks. Mostly because this is a weekly journal I use to leave myself breadcrumbs on my journey, so I remember where I have been and how far I have come. And maybe some of you appreciate it as well.

–Mike

Photo credit: “Scared Pandas” originally uploaded by Brian Bennett

Heavy Research

We are back at work on a variety of blog series, so here is a list of the research currently underway. Remember you can get our Heavy Feed via RSS, where you can get all our content in its unabridged glory. And you can get all our research papers too.

Reducing Attack Surface with Application Control
  Use Cases and Selection Criteria
  The Double Edged Sword

Security Management 2.5: You Buy a New SIEM Yet?
  Negotiation
  Selection Process
  The Decision Process
  Evaluating the Incumbent
  Revisiting Requirements
  Platform Evolution
  Changing Needs
  Introduction

Advanced Endpoint and Server Protection
  Assessment
  Introduction

Newly Published Papers
  Eliminating Surprises with Security Assurance and Testing
  What CISOs Need to Know about Cloud Computing
  Defending Against Application Denial of Service
  Security Awareness Training Evolution
  Firewall Management Essentials
  Continuous Security Monitoring
  API Gateways
  Threat Intelligence for Ecosystem Risk Management
  Dealing with Database Denial of Service
  Identity and Access Management for Cloud Services

Incite 4 U

SGO: Standard Government Obscurity: The Target hack was pretty bad, and it seems clear it may only be the tip of the iceberg.
Late last week the government released a report with more details of the attack so companies could protect themselves. Er, sort of. The report by iSIGHT Partners was only released to select retailers. As usual, the government isn’t talking much, so iSIGHT went and released the report on their own. A CNN article states, “The U.S. Department of Homeland Security did not make the government’s report public and provided little on its contents. iSIGHT Partners provided CNNMoney a copy of its findings.” Typical. If I were a retailer I would keep reading Brian Krebs to learn what’s going on. The feds are focused on catching the bad guys – you are on your own to stop them until the cuffs go on. – RM

Unrealistic expectations are on YOU! Good post on the Tripwire blog about dealing with unrealistic security expectations. Especially because it seems very close to the approach I have advocated via the Pragmatic CSO for years. I like going after a quick win and making sure to prioritize activities. But my point with the title is that if senior management has unrealistic expectations, it’s because your communications strategies are not effective. You can blame them all you want for being unreasonable, but if they have been in the loop as you built the program, enlisted support, and started executing on initiatives, nothing should be a surprise to them. – MR

Other people’s stuff: The recent Threatpost article ‘Starbucks App Stores User Information, Passwords in Clear Text’ is a bit misleading, as they don’t mention that the leaky bit of code is actually in the included Crashlytics utility. The real lesson here is not about potential harm from passwords in log files, which is a real problem, with