Rich here.

I’m starting to think I might be dealing with a bit of burnout. No, not the “security burnout” that keeps cropping up on Twitter and in blog posts, but a bit of a personal burnout. I just find myself lacking a bit of general enthusiasm and creativity that usually keeps me plowing away at a productive rate.

This burnout doesn’t have anything to do with security. I still freaking love our profession, even if some of our debates are getting a bit stale. We are long past the early days of the social dialog created by blogs, Twitter, and podcasts. So our discussions lack a certain freshness as we beat postmortem horse after postmortem horse.

It also isn’t related to my job, which is freaking awesome. Aside from the usual advantages of working for myself, I have a flexibility I still can’t believe is possible. It stuns me that our business model works, because we seem to be doing everything independent analyst firms supposedly cannot get away with. Seriously, it doesn’t make sense – not that I’m complaining.

Plus, how many analysts get to manage software projects and build technical labs?

Personal life? All is good there. Awesome wife and kids. I get to race triathlons despite a full time job and young kids. Although I won’t lie – I could get out of the house a little more (aside from my workouts). A little social interaction somewhere other than a security conference won’t hurt.

But as I write this I realize what the problem might be.

I am seriously freaking tired. Bone weary, can barely function from day to day tired.

The culprit? A cute little three year old and her younger sister who have taken to waking us up at 5am every day.

For 3 years.

And they demand constant attention every waking hour. I know I’m far from the first to go through this, and those of you with older kids can stop grinning with the superiority of someone who managed to swim to shore after the Titanic went down. I’d appreciate it if you would just quietly enjoy my pain and keep it to yourself.

Aside from the lack of sleep, I also realized that Securosis has now been in business almost exactly five years. It all started in a Margaritaville during Black Hat when I got the word my condo in Boulder had sold and I now had enough financial runway to survive for 6 months. Ask Chris Hoff – he was there and didn’t believe me when I said I was resigning from Gartner the following Monday (he also hooked me up with my first project, which didn’t hurt). I had wanted to do something different for a while, and that cash cushion was exactly what I needed.

But 5 years is 5 years and I am fully willing to admit that some of the enthusiasm of that first year has worn off. It isn’t new or different anymore, even though I get to do new and different things almost daily.

Okay – so I’ve identified two problems, and I’m not the kind of person to sit back and wait for change.

Step 1 is getting one of those “okay to wake” clocks for the kiddo. They have lights that change color when it’s okay to get out of the room in the morning. The thought of sleeping in until 6am consistently is more exciting than… well, pretty much anything. Seriously, far more exciting than even my various teenage male fantasies.

After that? Time to pull a Rothman and get out of the house and work at coffee shops a bit more. I love the cats, but they don’t give a crap about oracle padding attacks or cloud APIs. I need to get a little creative with the research and writing again, and that probably means slowing down the day to day distraction schedule and turning off RSS and Twitter. Those two things and launch our damn SaaS product finally. I’m pretty sure every day will be new and interesting again when I suddenly have to support customers and start acting like a software company.

Oh, heck, just watching Rothman’s head explode when he realizes he’s a vendor again will give me at least a month or two of daily amusement. And if that comes with 8 hours of sleep and a good workout every day? So much the better.

On to the Summary:

Webcasts, Podcasts, Outside Writing, and Conferences

Favorite Securosis Posts

Other Securosis Posts

Favorite Outside Posts

Project Quant Posts

Research Reports and Presentations

Top News and Posts

Blog Comment of the Week

Remember, for every comment selected, Securosis makes a $25 donation to Hackers for Charity. This week’s best comment goes to Richard, in response to Choosing Your Key Management Strategy.

Key management means something different to almost everyone so it’s great that you’re trying to bring some standard language to the topic. I think you’ve got the 4 main scenarios spot on but I tend to think of the term ‘silo’ as applying to your third scenario rather than the second – i.e. aligning it with organizational silos within an enterprise (such as storage) rather than a single product or application. If I understand the blog correctly, the first two scenarios both refer to single apps – where the first refers to a single isolated instance and the second refers to a distributed multi-instance app – i.e. the difference between me managing my own laptop encryption rather than an enterprise managing a fleet of laptops all with the same encryption capabilities. Scenarios 3 and 4 instead cover key management as an abstracted service in the context of managing keys across a range of disparate apps or devices – the difference between the scenarios being one of scope. Scenario 3 is constrained to a related set of apps, often in a single organizational ‘silo’ – i.e. a variety of different storage encryption technologies but managed by a common IT/security team. Whereas Scenario 4 is when the problem is pushed out to the limit of the entire organization – not only spanning multiple products but also organizational domains – quite literally all the keys in the kingdom. At the risk of introducing new terminology, to me, calling Scenario 1’Local’ and Scenario 4 ‘Enterprise’ are spot on, but I can’t help thinking that Scenario 2 works better as ‘Distributed’ and scenario 3 as ‘Silo’ or ‘Domain’.

He’s right, and I’m updating the research.