I have an on again / off again, love/hate relationship with Twitter.

Those of you who follow me might have noticed I suddenly went from barely posting to fully re-engaging with the community. Sometimes I find myself getting fed up with the navel gazing of the echo chamber, as we seem to rehash the same issues over and over again, looking for grammatical and logical gotchas in 140 characters. Twitter lacks context and nuance, and so all too easily degrades into little more than a political talk show. When I’m in a bad mood, or am drowning at work, it’s one of the first things to go.

But Twitter also plays a powerful, positive role in my life. It connects me to people in a unique manner unlike any other social media. As someone who works at home alone, Twitter is my water cooler, serving up personal and professional interactions across organizational and geographic boundaries. It isn’t a substitute for human proximity, but satisfies part of that need while providing a stunning scope and scale. Twitter, for me, isn’t a substitute for physical socialization, but is instead an enhancer that extends and augments our reach. When a plane disgorges me in some foreign city, any city, it is Twitter that guarantees I can find someone to have a beer or coffee with. It’s probably good that it wasn’t invented until I was a little older, a little more responsible, and a lot married.

As a researcher it is also one of the most powerful tools in the arsenal. Need a contact at a company? Done. Have a question on some obscure aspect of security or coding? Done. Need to find some references using a product? Done. It’s a real-time asynchronous peer network – which is why it is so much better for this stuff than LinkedIn or Facebook.

But as a professional, and technically an executive (albeit on a very small scale) Twitter challenges me to decide where to draw the line between personal and professional. Twitter today is as much, or more, a media tool as a social network. It is an essential outlet for our digital personas, and plays a critical role in shaping public perceptions. This is as true for a small-scale security analyst as for the Hollywood elite or the Pope. What we tweet defines what people think of us, like it or not.

For myself I made the decision a long time ago that Twitter should reflect who I am. I decided on honesty instead of a crafted facade. This is a much bigger professional risk than you might think. I regularly post items that could offend customers, prospects, or anyone listening. It also reveals more about me than I am sometimes comfortable with in public. For example, I know my tweet stream is monitored by PR and AR handlers from companies of all sizes. They now know my propensity for foul language, the trials and tribulations of my family life, my favorite beers, health and workout histories, travel schedules, and more. I don’t put my entire life up there, but that’s a lot more than I want in an analyst database (yes, they exist).

One day Twitter will help me fill a cancelled meeting on a business development trip, and the next it will draw legal threats or lose me a deal.

Tweets also have a tendency to reflect what’s on my mind at a point in time, but completely out of context. Take this morning for example: I tweeted out my frustration at the part of the industry and community that spends inordinate time knocking others down in the furtherment of its own egos and agendas. But I failed to capture the nuance of my thought, and the tweet unfortunately referred to the entire industry. That wasn’t my intention, and I tried to clarify, but additional context is a poor substitute for initial clarity.

My choice was to be honest or crafted. Either Twitter reflects who I am, or I create a digital persona not necessarily aligned with my real self. I decided I would rather reveal too much about who I am than play politician and rely on a ‘managed’ image. Twitter is never exactly who I am, but neither is any form of writing or public interaction.

This explains my relationship with Twitter. It reflects who I am, and when I’m down and out I see (and use) Twitter as an extension of my frustration. When I’m on top Twitter is a source of inspiration and connection. It really isn’t any different than physical social interaction. As an introvert, when I’m in a bad mood, the last thing I want is to sit in a crowded room listening to random discussions. When I’m flying high (metaphorically – I’m not into that stuff despite any legalization) I have no problem engaging in spirited debate on even the most inane subjects, without concern for the consequences.

For me, Twitter is an extension of the real world, bringing the same benefits and consequences.

On to the Summary:

Webcasts, Podcasts, Outside Writing, and Conferences

• Adrian’s Dark Reading post on Big Data Security Recommendations.
• Rich quoted on DLP at TechTarget.

Favorite Securosis Posts

• Mike Rothman (and David Mortman): The CloudSec Chicken or the DevOps Egg. I had a very similar conversation regarding the impact of SDN on network security this week. It’s hard to balance being ahead of the market and showing ‘thought leadership’ against building something the market won’t like. Most of the network security players are waiting for VMWare to define the interfaces and interactions before they commit to much of anything.
• Adrian Lane: Can we effectively monitor big data?. Yes, it’s my post, but I think DAM needs to be re-engineered to accommodate big data.
• Rich: Building an Early Warning System: Deploying the EWS. Mike is taking a very cool approach with this series.

Other Securosis Posts

• Selecting an Enterprise Key Manager.
• Incite 12/12/2012: Love the Grind.
• Building an Early Warning System: Determining Urgency.
• Can we effectively monitor big data?
• Incite 12/5/2012: Travel Tribulations.
• Enterprise Key Manager: Management Features.

Favorite Outside Posts

• Mike Rothman: Atari Teenage Riot: The Inside Story Of Pong And The Video Game Industry’s Big Bang. Fascinating story about how Atari ended up launching Pong to the market. I love revisiting history like this, as it’s instructive in the inexact science of finding markets and building successfully companies.
• Adrian Lane: Defending Against the Unknown Enemy: Applying FlipIT to System Security. Dense as most academic papers, but an excellent strategic examination of defensive security.
• David Mortman: Where’s Waldo?
• Rich: Three Years of Application Security Data. OMG! Data! Proof, not anecdote!!!
• Rich #2: A different post from the Harvard Business Journal on political corruption strangling innovation. That’s right, here in the good old US of A.

Research Reports and Presentations

• Implementing and Managing Patch and Configuration Management.
• Defending Against Denial of Service (DoS) Attacks.
• Securing Big Data: Security Recommendations for Hadoop and NoSQL Environments.
• Tokenization vs. Encryption: Options for Compliance.
• Pragmatic Key Management for Data Encryption.
• The Endpoint Security Management Buyer’s Guide.
• Pragmatic WAF Management: Giving Web Apps a Fighting Chance.
• Understanding and Selecting Data Masking Solutions.

Top News and Posts

• Delta Air Lines publishes privacy policy, but reseacher finds a fault.
• Living with HTTPS An HSTS discussion – from July apparently – but interesting.
• Hosting Antagonist automatically fixes vulnerabilities in customers websites.
• Top 10 ways to avoid being tracked online.
• Cloud Browsers are a Security Threat. Not sure why this threat is any different, other that it’s easier to gather information.
• Government Report Warns of ‘Persistent, Pervasive’ Economic Espionage Attacks on U.S.
• Mitigating Targeted Attacks on Your Organization.
• US counterterrorism agency will store data on innocent Americans to look for future crimes.

Blog Comment of the Week

Remember, for every comment selected, Securosis makes a $25 donation to Hackers for Charity. This week’s best comment goes to Richard, in response to Enterprise Key Managers: Technical Features, Part 2.

You’re right there can be plenty of overlap between the things that manage keys and the things that use keys. When thinking about functionality I think it’s important to first assess where the ‘brains’ of the system are. Sometimes the clients (the things that use the keys) are relatively smart, they understand policies, users, data types etc. and might even generate keys locally. They might view a key manaager as a relatively dumb ‘key vault’ and nothing more. On the other hand the key manager at the center might be the brains of the outfit and control policy and usage distributing keys to relatively dumb clients on a ‘need to use’ basis.