My wife and I are pretty big Jimmy Buffett fans. I first got hooked way back in high school, working as a lifeguard. The summer of my freshman year in college I went with a group of friends down to the Orange Bowl, and we snuck off for a day trip to Key West and a short visit to the very first Margaritaville.
I really got hooked when I was deep into paramedic school. In our program you worked or attended classes 80+ hours a week – bouncing around between a bunch of hospitals, fire stations, and ambulance bays throughout the entire Denver Metro area. In the middle of winter I survived all those hours on the road thanks only to a Buffett tape serenading me with sweet visions of beaches and beer.
Later, it didn’t hurt that I met my wife at a Buffett show.
While he tours consistently year after year, he only hits Phoenix every 2-3 years now. So when we didn’t see our home town on the schedule, a bunch of us decided to get tickets to the Vegas show.
Then he added the Denver show. I lived in Boulder for 16 years and still have a big chunk of friends there who convinced me to pop over for the show – especially since I hadn’t seen some of them in 2 years, and Buffett hadn’t played Denver in 8.
Then he added the Phoenix show.
And that, my friends, is how I managed to sign up for three Jimmy Buffett shows, in three different cities, in three different states in one week.
One of which is tonight, and I have to go assemble our new portable grill. So…
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
Quiet week. Guess even media whores need some time off.
Favorite Securosis Posts
- Adrian Lane: Tokenization Guidance: Merchant Advice.
- Rich: Applied Network Security Analysis. Because Mike writes much better section headings than I do.
Other Securosis Posts
Favorite Outside Posts
- Adrian Lane: Secret iOS business; what you don’t know about your apps. There are scarier threats to all mobile platforms than what’s mentioned here, but the post does a great job of underscoring that security is only as good as the app developer. And if they want to spy on you… they will.
- Mike Rothman: The forever recession (and the coming revolution). Seth Godin is the philosopher king of the Internet age. This is a great post about how every recession gives way to unbounded growth. If you can figure out how to deal with the next thing. Read this. Read his stuff. Adapt.
- Pepper: Georgia Tech Turns iPhone into spiPhone. Fortunately not suitable for even half-decent passwords, but a very clever hack to eavesdrop via an accelerometer. Should work on Android phones too – for now.
- Rich: Michael Winslow gets the Led out. I know this has nothing to do with security. And I know it’s been all over Twitter. But it’s still the awesomest thing I’ve seen in a while.
Research Reports and Presentations
- Fact-Based Network Security: Metrics and the Pursuit of Prioritization.
- Tokenization vs. Encryption: Options for Compliance.
- Security Benchmarking: Going Beyond Metrics.
- Understanding and Selecting a File Activity Monitoring Solution.
- Database Activity Monitoring: Software vs. Appliance.
- React Faster and Better: New Approaches for Advanced Incident Response.
- Measuring and Optimizing Database Security Operations (DBQuant).
- Network Security in the Age of Any Computing.
Top News and Posts
- Venafi’s take on Duqu.
- W32.Duqu: The Precursor to the Next Stuxnet. Supposedly from the Stuxnet authors.
- New Jersey Transit Embraces Google Wallet. And so it begins.
- Oracle publishes major patch release. Many database and Java patches.
- Cloud Security in Datacenter Terms.
- Google embraces HTTPS.
- Social Security kept silent about private data breach. We missed this last week.
- APT – The Plain Hard Truth.
- RSA blames breach on two hacker clans working for China. I didn’t get to see the talk, and so am still slightly skeptical, but expect more info to come out at RSA this year.
Blog Comment of the Week
Remember, for every comment selected, Securosis makes a $25 donation to Hackers for Charity. This week’s best comment goes to Patrick, in response to Database Security Market Sizing and Guesstimation.
This post raises an interesting issue for me –
And that is, what is the purpose of measurement and estimation? Of anything, really – a market, an effect, a potential risk or loss magnitude?
In my mind, it’s a matter of accuracy vs precision, bounded by the contextual requirements of how much reduction in uncertainty is required by the subject/decision at hand.
Single point estimates, like the one referenced above – are usually not as informative as we might wish.
A range, or even an estimated probability distribution, is much more useful, and not that hard to do quickly.
How big is the database security market? I don’t know – but that doesn’t mean I couldn’t come up with something useful if I needed to make a decision.
The key here is useful, not precise – just about measurement carries some uncertainty.