Friday Summary: February 25, 2011
By Rich
In the relatively short period of time I have been on this planet, there are three time periods that really stand out to me as watershed moments in computing technology.
The first was the dawn of the personal computing era that conveniently overlapped with the golden age of video arcades. For me it started the day my elementary school teacher introduced us to a Commodore PET, through the first Mac, and tapered off in the late 80s when home computers stopped being an anomaly. I don’t think the excitement I felt was merely the result of being an enthusiastic young male. ASCII porn didn’t really cut it, even for a 14-year-old geek.
Next was the dot-com era: around the time I should have graduated college if I hadn’t dragged out my undergrad a solid 8 years. In my memories it started when I signed up with my first dial-up ISP and played with Gopher and newsgroups – through the emergence of Mosaic, Netscape, and my first web sites (ugly) – and faded with the dot-com crash and crappy TV studio websites (which still, mostly, suck). Personally I went from paramedic, to PC tech, to sysadmin, to network admin, to developer in these short years. (Fast learner, I guess).
The third era? Right now. It started with the dual emergences of the iPhone and Amazon Web Services, and it’s years away from ending. For me the bellwether moments were my first Intel-based MacBook Pro running Parallels (I converted the official Gartner image into a VM to run it there), followed by the iPhone, with a little Dropbox mixed in. The overlapping models of mobility and cloud computing are creating one of the most exciting times to be in technology I can remember. With lower barriers to entry in terms of costs and hardware, and near-ubiquitous accessibility (even accounting for AT&T wireless), I’m more psyched today than even when I built my first little company to make doinky web apps and do a little security consulting. I seriously wish I was out there doing startups, but it’s not quite the time for a career change.
When I can spin up 5 different servers, on 5 different operating systems, in 5 minutes for under $5? From my iPad? That kicks so much more ass than making a crappy embossed background for my old ‘professional’ looking site.
As for security? Oh my god, is this a freaking awesome time to do what we do. The threats matter, the assets are important, and the opportunities are nearly endless. I realize a lot of people are depressed about the whole industry game and compliance cycle, but that’s a small penalty to pay for the excitement and meaning of our work. You don’t get a seat at the table unless the stakes are high.
Life is good.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Video of Rich on MSNBC. He apologizes for the eyebrow thing.
- Mort cited talking about cloud security at Bsides.
- Rich quoted at SearchSecurity on cloud.
- RSA Podcast on Agile development, Security Fail.
- Protegrity calls Securosis one of their favorite blogs.
- Data is Safe – Until It’s Not. Apparently Adrian telling the retail sector they suck at security has legs. And fortunately for us WhiteHat Security published data to back up his claim.
- Clearing The Air On DAM. Adrian’s Dark Reading post.
Favorite Securosis Posts
- Rich: FireStarter: The New Cold War. There seems to be lots of naivete out there. Guess what – they hack us, we hire people to hack them. The world goes on.
- Mike Rothman & Adrian Lane: What You Really Need to Know about Oracle Database Firewall. Rich calls out marketing buffoonery. FTW.
Other Securosis Posts
- React Faster and Better: Respond, Investigate, and Recover.
- Could This Be WikiLeaks for the Criminal Computer Underground?.
- What I Learned at RSAC.
- Incite 2/23/2011: Giving up.
- RSA: the Only Difference Between a Rut and a Grave Is the Depth.
- RSA: We Now Go Live to Our Reporters on the Scene.
- How to Encrypt Block Storage in the Cloud with SecureCloud.
- RSA 2011: A Few Pointers.
- The Securosis Guide to RSA 2011: The Full Monty.
Favorite Outside Posts
- Rich: Gunnar follows the Heartland cash. I haven’t seen anyone else track the financials of a company involved in a major breach so closely. Before we start talking “dollars per record lost”, we need more of this kind of work.
- Mike Rothman: The obsession with next. Given that next is all we saw at RSA, this was a timely post on the 37Signals blog.
- Adrian Lane: Russian Cops Crash Pill Pusher Party. Oddly no arrests have been reported, but a great story.
Research Reports and Presentations
- The Securosis 2010 Data Security Survey.
- Monitoring up the Stack: Adding Value to SIEM.
- Network Security Operations Quant Metrics Model.
- Network Security Operations Quant Report.
- Understanding and Selecting a DLP Solution.
- White Paper: Understanding and Selecting an Enterprise Firewall.
- Understanding and Selecting a Tokenization Solution.
- Security + Agile = FAIL Presentation.
Top News and Posts
- Zeus malware integrating SMS for hacking out of band authentication.
- More on HBGary Hack.
- Lion Watch. With new FileVault. When to implement that is an open question.
- SSDs resistant to erasure.
- Updated SAFEcode Development Practices.
- Oracle Releases Database Firewall.
Blog Comment of the Week
Nice piece, Adrian–and it was good to meet you too.
The general sentiment I heard from vendors I talked to was that the overall mood was better at RSA this year and there were more end-users (as opposed to vendors and partners selling to one another). I can’t form an opinion, as this was my first RSA, but I’ve been to a lot of other conferences and I really didn’t see much difference between this one and other “commercial” ones.
That being said, I did see some interesting stuff going on, and I think it’s our job to seek it out and nurture it. And get rid of both the booth babes AND the party babes.