Warning- today’s introduction includes my political views.
Whatever your political persuasion, there’s no denying the magnitude of this week. While we are far from eliminating racism and bias in this country, or the world at large, we passed an incredibly significant milestone in civil rights. My (pregnant) wife and I were sitting on the couch, watching a replay of President Obama’s speech, when she turned to me and said, “you know, our child will never know a world where we didn’t have a black president”.
One thing I think we here in the US forget is just how much we change with the transition to each new administration, especially when control changes hands between parties. We see it as the usual continuity of progress, but it’s very different to the outside world. In my travels to other countries I’m amazed at their amazement at just how quickly we, as a nation, flip and flop. In the matter of a day our approach to foreign policy completely changes- never mind domestic affairs. We have an ability to completely remake ourselves to the world. It’s a hell of a strategic advantage, when you really think about it.
In a matter of 3 days we’re seeing some of the most material change since the days of Nixon. Our government is reopening, restoring ethical boundaries, and reintroducing itself to the world.
When Bush was elected in 2000 I was fairly depressed. He seemed so lacking in capacity I couldn’t understand his victory. Then, after 9/11, I felt like I was living in a different country. An angry country, that no longer respected diversity of belief or tolerance. A country where abuse of power and disdain for facts and transparency became the rule of our executive branch, if not (immediately) the rule of law.
I was in Moscow during the election and was elated when Obama won, despite the almost surreal experience of being in a rival nation. When I watched the inauguration I felt, for the first time in many years, that I again lived in the country I thought I grew up in- my faith restored.
Talking with my friends of all political persuasions, it’s clear that this is also a transition of values. Transparency is back; something sorely lacking from both the public and private sector for far longer than Bush was in office. Accountability and sacrifice are creeping their heads over the wall. And lurking along the edges of the dark clouds above us is self sacrifice and unity of purpose. I’m excited. I’m excited more about what this mean to our daily and professional lives than just our governance. Will my hopes be dashed by reality? Probably, but I’d rather plunge in head first than cower at home, shopping off Amazon.
Oh- and there was like this really huge security breach this week, some worm is running rampant and taking over all our computers, and some idiots keep downloading pirated software with a Mac trojan.
Here is the week’s security summary:
Webcasts, Podcasts, Outside Writing, and Conferences:
- Martin and I talk a bit about all sorts of things- including Obama’s tech agenda, on The Network Security Podcast. I seem to run off on 3 separate rants.
- I wrote up the Heartland data breach for Dark Reading.
- I did a few interviews on the breach, including the MIT Technology Review, SearchSecurity, and SC Magazine.
Favorite Securosis Posts:
- Rich: My Heartland post, because it got Slashdotted.
- Adrian: Perhaps it is the contrarian in me, but my favorite post is The Business Justification for Data Security. There is a lot of information here.
Favorite Outside Posts:
- Adrian: Hoff’s ruminating on Cloud security of Core services. The series of posts has been interesting. I follow many of these blog posts made on dozens of different web sites, but only for the occasionally humorous debate. Not because I care about the nuts and bolts of how Cloud computing will work, how we define it, or where it is going. The CIO in me loves the thought of minimal risk for trying & adopting software and services. I am interested in the flexibility of adoption. I do not need to perform rigorous evaluations of hardware, software, and environmental considerations- just determine how it meets my business needs, how easy is it to use, and does the pricing model work for me. After a while if I don’t like it, I switch. Stickiness is no longer an investment issue, but a contract issue. And I am only afraid of these services not being in my core if I run out of choices in the vendor community. I know there are a lot more things I do need to consider, and I cannot assume 100% divestiture of responsibilities for compliance and whatnot, but wow, the perception of risk reduction in platform selection drops so much that I am likely to jump forward without a full understanding of other risks I may inherit because of these perceived benefits. Not that it’s ideal, but it is likely.
- Rich: Sharon on Will the Real PII Stand Up? He raises a great issue that there are a bunch of definitions of PII in different contexts, and an increasingly complex regulatory environment with multiple standards.
Top News and Posts:
- Barack Obama’s inauguration stopped all activity at Securosis as Adrian came over to watch for a couple hours. His speech is worth a reread even if you watched it live.
- A lot of trusted websites are serving malware.
- The NSA spied on everyone. Except you, of course- you’re too boring.
- Conficker worm bad. I thought you Windows users figured out that patching thing? Actually, I highly suspect the infection numbers are inflated.
Blog Comment of the Week:
We didn’t post much, but the comments were great this week. Merchantgrl on the Heartland Breach post:
They were breached a while ago and they just happened to pick that day to finally announce it?
Several people have brought up the Trustwave audit of April 2008. To be compliant, they need ‘REGULAR’ testing. https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
Requirement 11: Regularly test security systems and processes. What was their schedule for testing? Audits?
Rafal is right- the financial implications are huge. Given the magnitude, and the lack of information being released on their new 2008breach.com site, it makes you wonder.