Friday Summary: August 17, 2012
By Rich
Some weeks I can’t decide if I should write something personal, professional, or technical in the Summary intro. Especially when I’m absolutely slammed and haven’t been blogging. This week I’ll err on the side of personal, and I’m sure you all will give me a little feedback if you prefer the geeky.
Last summer and fall I had a bit of a health scare, when I thought I was, well, dying, at breakfast with Mr. Rothman. Now I know many people think they’ve felt that way while dining with Mike, but I seriously thought I was going out for the count. Many months and medical tests later, they think it was just something with my stomach, and beyond a more-than-fair share of indigestion, I have moved on with life.
I have always tried to be a relatively self-aware individual (well, not counting most of my life before age 27 or so). Some people blow off scares like that, but I figured it was a good way to review my life priorities. I came up with a simple list:
4. Everything else
Yes, in that order.
I can’t be there for my family if I’m not healthy, and my wife and kids matter a lot more to me than anything else. I don’t begrudge people who prioritize differently – I know plenty of people who put work/career in front of family (although few admit it to themselves). That’s their decision to make, and some of them see financial health the way I look at physical health.
That’s also why I put fitness ahead of work. For me, it is intrinsically tied to health, but the difference is that I will skip a workout if necessary to be there for my family. But aside from the health benefits (not counting the injuries), I want to be very active and very old someday, which I can’t do without working out. A lot. And it keeps me sane.
Then comes work. As the CEO of a startup facing its most important year ever, work has to come before everything else. This Securosis thing isn’t just a paycheck - it is long-term financial security for my family. I can’t afford to screw it up.
The upside of The List is that it makes decisions simple. Can I carve out 2 hours for a workout during business hours so I can be home with my family that night? Yes. Do I skip a Saturday morning ride because I have been traveling a lot and need to spend time with the kids? Yes. Can I travel for that conference during a birthday? No.
The downside of my list is that “everything else” is a distant fourth to the top three items. That means less contact with friends; dropping most of my hobbies that don’t involve pools, bikes, or running shoes; and not having the diversity in my life that I enjoyed before my family. Other than the part about friends, I am okay with those sacrifices. When the kids are older I can start woodworking, recreational hacking, and playing with the soldering iron again. I don’t have much of a social life and I work at home, which is pretty isolating, and maybe I will figure that out as the kids get older. It also means I dropped nearly all my emergency services work, and for the first time since I was 18 I might drop it completely for a few years.
And, in case you were wondering, The List is the reason I haven’t been writing as much. We are completing some seriously important long-term projects for the company and those need to take priority over the short stuff.
But I like algorithms. Keeps things simple, especially when you need to make the hard choices.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
Quiet. Must be summer.
Favorite Securosis Posts
- Adrian Lane: Pragmatic WAF Management: Policy Management. I don’t normally pick my own posts but I like this one. And there was so much ground to cover I am afraid I might have left something out, so I would appreciate feedback.
- Mike Rothman: Pragmatic WAF Management: Policy Management. WAFs still ain’t easy, nor are they going to be. But understanding how to build and manage your policies is the first step. Adrian lays out what you need to know.
- Rich: Always Assume. This is an older post, but it came up in an internal discussion today and I think it is still very relevant.
Other Securosis Posts
- Pragmatic WAF Management: Application Lifecycle Integration.
- Incite 8/15/2012: Fear (of the Unknown).
- Endpoint Security Management Buyer’s Guide: Ongoing Controls – Device Control.
- Endpoint Security Management Buyer’s Guide: Ongoing Controls – File Integrity Monitoring.
Favorite Outside Posts
- Mike Rothman: Triple DDoS vs. krebsonsecurity. You know you have friends in high places when a one man operation is blasted by all sorts of bad folks. Krebs describes his battle against DDoS in this post and it’s illuminating. We will do some research on DDoS in the fall – we think this is an attack tactic you will need to pay much more attention to.
- Adrian Lane: Software Runs the World. I’m not certain we can say software is totally to blame for the Knight Capital issue, but this is a thought-provoking piece in the mainstream media. Although I am certain those of you who have read Daemon are unimpressed.
- Rich: Gunnar’s interview with Jason Chan of Netflix security. A gold mine for cloud security nuggets.
Project Quant Posts
Research Reports and Presentations
- Understanding and Selecting Data Masking Solutions
- Evolving Endpoint Malware Detection: Dealing with Advanced and Targeted Attacks.
- Implementing and Managing a Data Loss Prevention Solution.
- Defending Data on iOS.
- Malware Analysis Quant Report.
- Report: Understanding and Selecting a Database Security Platform.
- Vulnerability Management Evolution: From Tactical Scanner to Strategic Platform.
- Watching the Watchers: Guarding the Keys to the Kingdom.
Top News and Posts
- The insanity of the state of constant surveillance. Even worse than I thought.
- AT&T hit by DDoS attack.
- BackTrack 5 R3 released. Man, I remember using the distributions that became BackTrack, not that I can remember the names.
- The HIPAA/HITECH Wall of Shame is up to 21M records exposed.
- Google to offer $2M in rewards in Pwnium 2 contest.
- Defcon 20 badge firmware released.
- Adobe Reader patched, but vulnerabilities remain.
- Pro Israeli hacker talks about how he brought down Iranian sites.
- NYPD and Microsoft reveal the Domain Awareness System.
Blog Comment of the Week
Someday malicious persons (or at least those we want to block) will just throw their content (servers) or proxy themselves (visitors) through cloud providers. Then web filters and other reputation protection mechanisms are going to automatically start shunning and we’ll have a big ol’ coming to deity meeting. :)
It’s like when the servers hosting mozilla.org also host malware, so they get shunned which leaves corp users up a creek (or crick) trying to download firefox. (Yes, that’s a weak analogy with other issues, but just go with it!)