Friday Summary: June 29, 2012By Rich
I’m starting to think I might be dealing with a bit of burnout. No, not the “security burnout” that keeps cropping up on Twitter and in blog posts, but a bit of a personal burnout. I just find myself lacking a bit of general enthusiasm and creativity that usually keeps me plowing away at a productive rate.
This burnout doesn’t have anything to do with security. I still freaking love our profession, even if some of our debates are getting a bit stale. We are long past the early days of the social dialog created by blogs, Twitter, and podcasts. So our discussions lack a certain freshness as we beat postmortem horse after postmortem horse.
It also isn’t related to my job, which is freaking awesome. Aside from the usual advantages of working for myself, I have a flexibility I still can’t believe is possible. It stuns me that our business model works, because we seem to be doing everything independent analyst firms supposedly cannot get away with. Seriously, it doesn’t make sense – not that I’m complaining.
Plus, how many analysts get to manage software projects and build technical labs?
Personal life? All is good there. Awesome wife and kids. I get to race triathlons despite a full time job and young kids. Although I won’t lie – I could get out of the house a little more (aside from my workouts). A little social interaction somewhere other than a security conference won’t hurt.
But as I write this I realize what the problem might be.
I am seriously freaking tired. Bone weary, can barely function from day to day tired.
The culprit? A cute little three year old and her younger sister who have taken to waking us up at 5am every day.
For 3 years.
And they demand constant attention every waking hour. I know I’m far from the first to go through this, and those of you with older kids can stop grinning with the superiority of someone who managed to swim to shore after the Titanic went down. I’d appreciate it if you would just quietly enjoy my pain and keep it to yourself.
Aside from the lack of sleep, I also realized that Securosis has now been in business almost exactly five years. It all started in a Margaritaville during Black Hat when I got the word my condo in Boulder had sold and I now had enough financial runway to survive for 6 months. Ask Chris Hoff – he was there and didn’t believe me when I said I was resigning from Gartner the following Monday (he also hooked me up with my first project, which didn’t hurt). I had wanted to do something different for a while, and that cash cushion was exactly what I needed.
But 5 years is 5 years and I am fully willing to admit that some of the enthusiasm of that first year has worn off. It isn’t new or different anymore, even though I get to do new and different things almost daily.
Okay – so I’ve identified two problems, and I’m not the kind of person to sit back and wait for change.
Step 1 is getting one of those “okay to wake” clocks for the kiddo. They have lights that change color when it’s okay to get out of the room in the morning. The thought of sleeping in until 6am consistently is more exciting than… well, pretty much anything. Seriously, far more exciting than even my various teenage male fantasies.
After that? Time to pull a Rothman and get out of the house and work at coffee shops a bit more. I love the cats, but they don’t give a crap about oracle padding attacks or cloud APIs. I need to get a little creative with the research and writing again, and that probably means slowing down the day to day distraction schedule and turning off RSS and Twitter. Those two things and launch our damn SaaS product finally. I’m pretty sure every day will be new and interesting again when I suddenly have to support customers and start acting like a software company.
Oh, heck, just watching Rothman’s head explode when he realizes he’s a vendor again will give me at least a month or two of daily amusement. And if that comes with 8 hours of sleep and a good workout every day? So much the better.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Rich’s monstrous sandboxing article at TidBITS.
- Adrian’s 15 Ways to Get More From Log Files on Dark Reading.
- Mike’s monthly Dark Reading blog: Time to deploy the FUD weapon?.
- Rich in a New York Times blog on Apple.
Favorite Securosis Posts
- Rich: Mike’s Can You Stop a Targeted Attack?.
- Mike: Returning the favor, Rich’s Thoughts on Active Defense, Intrusion Deception, and Counterstrikes.
- Mike (again): Answering Questions about Sandboxing, Gatekeeper, and the Mac App Store – It’s not really an internal post but Rich wrote it, so it counts. A great overview of what Mountain Lion adds from a security standpoint.
- Adrian: And here I thought Empty Nest was the best post for the analysis.
Other Securosis Posts
Favorite Outside Posts
- Rich: Dennis Fisher’s LeBron James, Advanced Attackers and the Best Man Theory. Nails it, and boy does Dennis show off his background as a sports writer!
- Mike: Nora Ephron’s 1996 Wellesley Commencement Speech. A must-read, especially if you have daughters. Brutally honest about herself, her life, and the state of society back in 1996.
- Adrian: From a security standpoint, Rich’s monstrous sandboxing article at TidBITS was a really good read, but the most thought provoking was The Many Pivots of Justin.TV – a couple weeks old but I just ran across it.
Project Quant Posts
- Malware Analysis Quant: Index of Posts.
- Malware Analysis Quant: Metrics – Monitor for Reinfection.
- Malware Analysis Quant: Metrics – Remediate.
- Malware Analysis Quant: Metrics – Find Infected Devices.
- Malware Analysis Quant: Metrics – Define Rules and Search Queries.
- Malware Analysis Quant: Metrics – The Malware Profile.
- Malware Analysis Quant: Metrics – Dynamic Analysis.
Research Reports and Presentations
- Implementing and Managing a Data Loss Prevention Solution.
- Defending Data on iOS.
- Malware Analysis Quant Report.
- Report: Understanding and Selecting a Database Security Platform.
- Vulnerability Management Evolution: From Tactical Scanner to Strategic Platform.
- Watching the Watchers: Guarding the Keys to the Kingdom.
- Network-Based Malware Detection: Filling the Gaps of AV.
Top News and Posts
- Incident response cheat sheet.
- The sportsmanship of cyberwarfare.
- Why Nigerian spammers say they are from Nigeria.
- Confusion as to the severity of the padding oracle attack (the thing RSA is getting hit on, but really affects way more than them).
- 20 years of Defcon. This year is gonna be huge!
- Interesting analysis of Anonymous based on the book “We are Anonymous”.
Blog Comment of the Week
Key management means something different to almost everyone so it’s great that you’re trying to bring some standard language to the topic. I think you’ve got the 4 main scenarios spot on but I tend to think of the term ‘silo’ as applying to your third scenario rather than the second – i.e. aligning it with organizational silos within an enterprise (such as storage) rather than a single product or application. If I understand the blog correctly, the first two scenarios both refer to single apps – where the first refers to a single isolated instance and the second refers to a distributed multi-instance app – i.e. the difference between me managing my own laptop encryption rather than an enterprise managing a fleet of laptops all with the same encryption capabilities. Scenarios 3 and 4 instead cover key management as an abstracted service in the context of managing keys across a range of disparate apps or devices – the difference between the scenarios being one of scope. Scenario 3 is constrained to a related set of apps, often in a single organizational ‘silo’ – i.e. a variety of different storage encryption technologies but managed by a common IT/security team. Whereas Scenario 4 is when the problem is pushed out to the limit of the entire organization – not only spanning multiple products but also organizational domains – quite literally all the keys in the kingdom. At the risk of introducing new terminology, to me, calling Scenario 1’Local’ and Scenario 4 ‘Enterprise’ are spot on, but I can’t help thinking that Scenario 2 works better as ‘Distributed’ and scenario 3 as ‘Silo’ or ‘Domain’.
He’s right, and I’m updating the research.