I have never been a fan of large gatherings of people. You would never find me at a giant convention center listening to some evangelist, motivational speaker, politician, or business ‘guru’ tell me how to improve my life. I don’t stalk celebrities; participate in “million man marches”, tea party gatherings, promise-keepers, or any something-a-palooza to support a cause. I don’t have a cult-like appreciation of ‘successful’ people. It has nothing to do with a political or religious bent and I don’t fear crowds – it is a personality trait. To me group-think is a danger signal. I’m a skeptic. A contrarian. If everyone’s doing it, it must be wrong.
But it’s not like I never attend large events: AC/DC concerts are a go, and I’ll wait in long lines to get an iPhone. But it’s just as likely to bite you as be rewarding – you know, like the last Star Trek movie, the one with the terrible plot you’ve seen six times, because the cast and cinematography are oddly appealing. Anyway, when lots of people think something’s great I usually walk the other way.
So what the heck was I doing at the Berkshire Hathaway Shareholders meeting last weekend? In Omaha, Nebraska, of all places? Forty thousand finance geeks standing in near-freezing rain, waiting for the doors to open at the CenturyLink center to hear Warren Buffett and Charlie Munger talk about stock performance? Are you kidding me? But there I was, with Gunnar Peterson, listening to the “Oracle of Omaha” talk about Berkshire Hathaway and investment philosophy. And it was a bit like a cult – a pilgrimage to listen to two of the greatest investors in history. But despite all my reservations I had a great time. You wouldn’t expect it from the topic but the meeting was entertaining. They were funny, insightful, and incredibly rational. They are politically incorrect and unapologetic about it. They are totally transparent, and as likely to remind you of their failures as successes. And they are more than happy to critique one another for their flaws (I’m certain I have seen these traits at another company before). As much as I have read about Munger and Buffett in the last 18 months – I think I read most of their funny quips before the meeting – there is something about hearing all of it in one place that weaves their concepts into a single cohesive tapestry of thought. You see the core set of values repeated consistently as they answer questions, no matter what the subject.
If you are interested in a recap of the event, the Motley Fool blog did an excellent job of capturing the questions and some of the humor.
I only started to follow Charlie and Warren about 18 months ago, because Gunnar’s use of sage Charlie Munger quotes got me curious. Now I am hooked, but not because I want investment ideas – instead I am fascinated by an incredibly simple investment philosophy, that involves an incredibly complex set of rational models, that forms the foundation of their decision process. Both men are contrarians – they choose to invest in a method that for decades people thought was a fluke. Berkshire has been called a 6-sigma outlier. They have been derided for not investing in tech companies during the tech boom – a profound critique when you consider Apple, Google, and Microsoft are some of the fastest-growing and 3 out of 5 of the largest companies in the world. They have been mocked in the press as being “out of touch” when the market was going crazy during the whole mortgage/CDO fiasco. But they have stayed the course, despite fickle and fashionable trends, on their way to become the most successful investors in history. Berkshire is now one of the top 5 companies in the world, but ultimately their approach to decisions is what fascinates me. Had I heard about them during college, and comprehended their message as I do today, I would probably have gone into finance instead of computer science.
Oh, before I forget, the majority of the Securosis team will be at Secure360 next week. Mort and I will be presenting on big data security. Ping us if you’re in Minneapolis/St. Paul and want to get together!
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
Favorite Securosis Posts
- Rich: My “Peak Experience” article in The Magazine. I am really excited about this one, so even though it is technically an ‘Outside’ item I picked it as my favorite post. It’s the story of a mountain rescue I was on over a decade ago, for a really exciting publication, which I am honored to write for.
- David Mortman: The CISO’s Guide to Advanced Attackers: Evolving the Security Program.
- Mike Rothman: Some (re)assembly required. Need to show some love for our contributor Gal, who posted his first solo piece on the blog. He makes a great point about never forgetting the data security lifecycle.
- Adrian Lane: Finger-pointing is step 1 of the plan.
Other Securosis Posts
- Database Breach Results in $45M Theft.
- Security Earnings Season in Full Swing.
- McAfee Gets Some NGFW Stones.
- Incite 5/8/2013: One step at a time.
- 2FA isn’t a big enough gun.
- Now China is stealing our porn.
- The CISO’s Guide to Advanced Attackers: Breaking the Kill Chain.
- Friday Summary: May 3, 2013.
- IaaS Encryption: How to Choose.
- IaaS Encryption: Object Storage.
Favorite Outside Posts
- Rich: White House close to backing FBI’s wiretap backdoor proposal, says NYT. This is a short piece, but insanely important. Backdoors for wiretapping are horrible for security, with a long history of misuse and compromise.
- David Mortman: Google unveils 5-year roadmap for strong authentication.
- Mike Rothman: FUDwatch: Armenia. Marcus Ranum determines (with tongue firmly in cheek) that the biggest threat in the known world is… Armenia. Which just goes to show that you can make data say pretty much whatever you want it to. So interpret the breach reports and other data sources carefully, and figure out what you want them to say.
- Adrian Lane: The State of Web Security. It’s a week old but we didn’t link to it last week, and there is too much good info in this WhiteHat report to miss!
Research Reports and Presentations
- Email-based Threat Intelligence: To Catch a Phish.
- Network-based Threat Intelligence: Searching for the Smoking Gun.
- Understanding and Selecting a Key Management Solution.
- Building an Early Warning System.
- Implementing and Managing Patch and Configuration Management.
- Defending Against Denial of Service (DoS) Attacks.
- Securing Big Data: Security Recommendations for Hadoop and NoSQL Environments.
- Tokenization vs. Encryption: Options for Compliance.
- Pragmatic Key Management for Data Encryption.
- The Endpoint Security Management Buyer’s Guide.
Top News and Posts
- Trade Sanctions Cited in Hundreds of Syrian Domain Seizures.
- IBM open sources new approach to crypto. Call me skeptical.
- Nordstrom Using Smart Phones To Track Customers Movements. They can probably tie checkouts to cellular numbers with decent accuracy.
- Systems manager arrested for hacking former employer’s network.
- Google hit by building automation security bug.
- Microsoft releases fix-it for Internet Explorer 8 vulnerability.
- Use These Secret NSA Google Search Tips to Become Your Own Spy Agency.
- Password Security Strategy: Honeywords.
- Blackmail Pornography Bot.
- Pentagon leases Chinese satellite.
- A Stopgap Fix for the IE8 Zero-Day Flaw via Krebs.
- McAfee Patents Technology to Detect and Block Pirated Content. Sound like a bad idea to anyone else?
Blog Comment of the Week
This week’s best comment goes to Anonymous, in response to 2FA isn’t a big enough gun. No one posted a comment on the blog, but we got one via email that made me crack up:
You guys depress the fsck out of me. I think your new company name should be DOOM DOOM DOOM!!!
I have a trademark in case it comes to that.