All Good Things
Side note: we are aware of the site issues and are working hard on them. There were major changes to the platform we use, and they conflict with our high-security setup. I think we should have it fixed soon, and we apologize. That’s what we get for having a non-DevOps-y legacy site. Right now it is 68F here in Boulder, with an expected high of 89F. A little toasty. It’s 92F in Phoenix, with an expected high of 109F. Yesterday they hit 115F, breaking the record. A little helly. Stupid humans and global warming. We are down to the last five days of our month in Boulder. Staring down 110F+ temperatures isn’t doing much to improve my enthusiasm about heading home. Then again, I’ll only be home for one night before I head off to nine days in Vegas for Black Hat and DEF CON. I think it might be a degree or two cooler there than in Phoenix, so I have that going for me. Which is nice. The end of a trip, especially an extended one, is always a melancholy time. I didn’t accomplish nearly everything I hoped, but still can’t complain. I caught up with most of my friends, enjoyed watching my girls take swim lessons at the pool I taught at 20 years ago, hit nearly all my favorite restaurants, and learned that there are a c**p-load of kid-friendly parks in Boulder. Kind of never noticed them pre-kids. On the downside I didn’t get nearly as many rides or runs in as I hoped. Some friends’ schedules simply didn’t work out. And although we snuck in a few family hikes, I really hoped to spend more time in the mountains. Then again, that’s sorta tough with 5, 3, and 1 year olds. I had two main goals coming into this trip, and completely accomplished both of them. First was to simply relax and let the mountain air reduce my stress level. Work-wise it actually turned into a pretty packed month, but something about this town helps me maintain my center. It isn’t anything metaphysical, just an effect of settling into a place where you feel completely comfortable. I also wanted to get my kids out of the heat, and give them a summer adventure with a lot of time in the outdoors. To build up good memories of a place that is so important to me. You know, blatantly manipulate my kids. It totally worked. But summer is coming to a close and it’s time to gear up for the fall sprint. The workload is looking pretty intense, but continues the trend of some of the most fulfilling projects of my career. It starts with our Black Hat cloud security training, where I have a bunch of new material for advanced students I am excited to try out. So I didn’t spend as much time at coffee shops playing aging hipster as I expected (thanks to JumpCloud for loaning me a desk during my trip), didn’t spend as much time wandering the hills, and missed a couple friends. But in the end everything went pretty much perfectly. I’m mentally refreshed and ready to attack, the kids have awesome memories and some new favorite places, and no one ended up in the ER this time, so I think we get to come back next year. All good. Assuming our air conditioning still works in Phoenix. On to the Summary: Webcasts, Podcasts, Outside Writing, and Conferences Rich did a webcast on cloud security (with a SaaS focus) for Elastica. Favorite Securosis Posts David Mortman: TI+IR/M: The New Incident (Response) & Management Process Model. Adrian Lane: Hacker Summer Camp. There is always something going on before Black Hat, and this year has its share of drama. Mike Rothman: Firestarter: Security Summer Camp. A little over a week out, and I’m starting to get fired up. Schedule locked down, liver primed, ready to descend on Vegas. Good thing I don’t need to worry about disclosures or anything… Rich: Cloud File Storage and Collaboration: Core Security Features. I am picking my own post because I could use some feedback on this one. Other Securosis Posts The 2015 Endpoint and Mobile Security Buyer’s Guide [Updated Paper]. TI+IR/M: Quick Wins. Cloud File Storage and Collaboration: Overview and Baseline Security. Incite 7/23/2014: Mystic Rhythms. TI+IR/M: The New Incident (Response) & Management Process Model. TI+IR/M: Threat Intelligence + Data Collection = Responding Better. Leading Security ‘People’. Favorite Outside Posts David Mortman: The Promises of DevOps. Mike Rothman: Losing my religion. Hadn’t thought about Silicon Valley as a land of zealots, but after reading Chris Shipley’s post I get it. Though in order to do the things you do at a start-up (or even a big tech company) you need to believe. And that’s certainly many folks’ definition of religion… Adrian Lane: This Box Can Hold an Entire Netflix. A surprisingly ‘server-hugger’ style approach to content delivery, from one of the most whole-hearted and innovative cloud companies out there. A very interesting read! Research Reports and Presentations The 2015 Endpoint and Mobile Security Buyer’s Guide. Analysis of the 2014 Open Source Development and Application Security Survey. Defending Against Network-based Distributed Denial of Service Attacks. Reducing Attack Surface with Application Control. Leveraging Threat Intelligence in Security Monitoring. The Future of Security: The Trends and Technologies Transforming Security. Security Analytics with Big Data. Security Management 2.5: Replacing Your SIEM Yet? Defending Data on iOS 7. Eliminate Surprises with Security Assurance and Testing. Top News and Posts Threat Modeling: Designing for Security Anti-Surveillance Camouflage for Your Face Apple’s Legal Process Guidelines: U.S. Law Enforcement Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices. Slides. Apple’s support note on the tools mentioned in the presentation above. As expected, they have legitimate uses and don’t circumvent security controls. It will be interesting to see whether iOS 8 changes in response. Share: