This is the Securosis Friday Summary. For those of you who don’t know, this is where Rich and I vent. When I started working with Rich I used to loathe writing this intro; now it’s therapeutic. It gives me a chance to talk about whatever is on my mind that I think people might find interesting. Sure, most Friday posts talk about security, but not always. If such things bother you – as one reader mentioned last week – search within the page for ‘Summary’ to avoid our ramblings.

Security Burnout? Breach Apathy? Repetitive task depression? Been there, done that, got the T-shirt to prove it? If you have been in security long enough, you will go through some security-industry-induced negative mental states. It happens to everyone on the security treadmill – it’s the security professionals’ version of the marathon runners’ wall. A tired, disinterested, day-to-day grind of SOSDD. I know I’ve had it – twice in fact. As an IT admin reviewing the same log files over and over again, and also from writing about security breaches caused by the same old SQL injection attacks.

Rich, James Arlen, and I got into a conversation about this over dinner the other night. Rich and I have achieved a quiet inner peace with the ups and downs of security, mainly because our work lets us do more of what we like and less of the daily grind that folks in IT security deal with on a daily basis. Usually during my career, with vacations frowned upon for startup executives, conferences were a source of inspiration. Actually, they still are. Presentations like Errata Security’s malicious iPhone and Jackpotting Automated Tellers can renew my interest and fascination with the profession. I go back to work with new energy and new ideas on what I can do to make things better. Somewhere down the line, though, reality always settles back in. As with life in general, I try not to get too worked up about this profession, but to find the pieces that fascinate me and delve into those technologies, leaving the rest of the stuff behind.

On Monday during the RSA Security Conference, Mike, Rich, David Mortman, and I will be helping with the ‘e10+’ event. The idea of this session is to provide advanced discussions for security pros who have been in the field over 10 years. We talk about some of the complex organizational problems security folks deal with, and share different strategies for addressing problems. Of course there is no shortage of interesting problems, and there are some heavily experienced – and opinionated – people in the room, so the discussion gets lively. It’s not on the agenda, but it dawned on me that dealing with security burnout – both causes and reactions – would actually be a good topic for that event. How to put the fun back in security. I hope our talks will do just that. Rich has some great ideas on consumerization and risk (yeah, I know – who thought risk could be interesting?) that I expect to spark some lively debate. Usually during RSA I am too busy worrying about my presentation or meeting with people to see much new stuff, but this year I am looking forward to the event.

On to the Summary:

Webcasts, Podcasts, Outside Writing, and Conferences

Other Securosis Posts

Favorite Outside Posts

Project Quant Posts

Research Reports and Presentations

Top News and Posts

Blog Comment of the Week

No comments this week. We need to start writing better posts!