Friday Summary: September 16, 2011By Adrian Lane
It was the idea of a party that got me thinking about it: I loved the 1990’s. It was a great decade – for me at least. I had just graduated college and pretty much everything was new. During that decade I met my wife, got married, got my first place on my own, bought my first house, got my first promotion to CTO, was finally able to buy a car that cost more than a week’s salary, made good money, was best man at four friends’ weddings, started my first company, finally got to travel the US, and made many lasting friendships. The silicon valley was a great place to work back then – it seemed like every week there was some amazing new technology to work on, or an exciting new trend.
This last decade sucked. I closed my first company, nearly lost every penny in the tech crash, had serious doubts about what I wanted to do with my life, was uncertain whether I wanted to stay in technology, suffered health issues, avoided the news every day in case ‘W’ did something else to piss me off, worked with jerks, moved friends out of their foreclosed homes, watched other friends implode, and finally closed my wife’s real estate office. It certainly has not been all bad, but there have been an inordinate number of poop storms. It feels like I have been enduring this depression – the economic one that technically started in 2007 with the real estate collapse – since the 2001 tech collapse. Everything good of the 90s was counterbalanced by the bad of the 2000s. My attitude and optimism took a severe beating.
But things are getting much better – even though some places in Phoenix still look post-apocalyptic. I get to live at home now: no more interstate commute. I no longer work on Monkey Island. In the last 18 months or so, while the work load is staggering, this little business of ours has been growing. And I could not ask for better business partners! Technology is interesting again. I have finally gotten a life/work balance I am comfortable with. I don’t tie my entire sense of self worth to my work any longer. The family is healthy and happy, my wife is embarking on a new career, and it feels like we have turned a corner.
So my wife and I decided it was time to come out of our doldrums and do something fun. As a symbol, we chose to revive our Halloween party – which we used to throw in the Bay Area for 80-100 people. We debated it for a long time – were we really in the mood? It was decided we would do a coming out of the depression party – a 1940s theme to commemorate the last time the US came out of a depression. We’ll arrange the living room like a scene from ‘Casablanca’, throw in some jazz & swing music, and top it off with classic cocktails. I think it should be a good time and I feel strangely optimistic. I doubt any of the three people reading this will be in Phoenix the weekend before Halloween, but if you are, let me know and I’ll scrounge up an invite.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Adrian in webcast: Security Mgmt 2.0: Time to Replace Your SIEM?
Favorite Securosis Posts
- Rich: Payment Trends and Security Ramifications. Awesome summary.
- Adrian Lane: Payment Trends and Security Ramifications. Yeah, I am picking my own post.
- Mike Rothman: Fact-Based Network Security: In Action. Someone else will link to Rich’s great SSL post, so let me highlight the kind of post I like best. Applied use of theory, even if it is a concocted scenario. You should read all the posts in this series. It’s good stuff if I do say so myself, and I do.
- David Mortman: Building an SSL Early Warning System.
Other Securosis Posts
- Incite 9/14/2011: Mike and the Terrible, Horrible, No Good, Very Bad Day.
- Security Management 2.0: Making the Decision.
- Recently on the Heavy Feed.
- Friday Summary: September 9, 2011.
- Speaking at OWASP: September 22 and 23.
- Security Management 2.0: Vendor Evaluation – Driving the PoC.
- Security Management 2.0: Negotiation.
Favorite Outside Posts
- Rich: Criminal Hack versus FOIA request: The Showdown. Read this one and just think about it for a moment. Anonymous and Lulzsec look petty and malicious.
- Adrian Lane: Protecting against XSS. Good analysis of XSS and tips on how to handle it.
- Mike Rothman: Surviving 9/11: Ten Years Later. Haunting story from Penelope Trunk about her experience surviving the 9/11 attack. And how she learned to be OK stepping off the fast track. “I am not a person who waited until the end of my life to slow down. I’m someone who stopped competing.” Word to that.
- David Mortman: DigiNotar: surveying the damage with OCSP.
Project Quant Posts
- DB Quant: Index.
- NSO Quant: Index of Posts.
- NSO Quant: Health Metrics–Device Health.
- NSO Quant: Manage Metrics–Monitor Issues/Tune IDS/IPS.
- NSO Quant: Manage Metrics–Deploy and Audit/Validate.
- NSO Quant: Manage Metrics–Process Change Request and Test/Approve.
Research Reports and Presentations
- Tokenization vs. Encryption: Options for Compliance.
- Security Benchmarking: Going Beyond Metrics.
- Understanding and Selecting a File Activity Monitoring Solution.
- Database Activity Monitoring: Software vs. Appliance.
- React Faster and Better: New Approaches for Advanced Incident Response.
Top News and Posts
- LexisNexis’ study on the true cost of fraud. Huh.
- Intel and McAfee Unveil DeepSAFE. Debated whether qualified as news, given my first-hand knowledge that hardware-level security hooks for A/V, identity, and OS have been under serious consideration at Intel since at least 1998. But now we have a live implementation so I am interested to see the value it provides.
- Apache HTTP Server 2.2.21 Released Several important security fixes.
- Patch Tuesday Blocks More DigiNotar Certificates.
- Adobe, Windows Security Patches via Krebs.
- Microsoft Windows 8 will ship with built-in anti-virus.
Blog Comment of the Week
At a previous company, I would always warn my boss (The CIO) when these sorts of deals were on the table. We had an agreement, if the vendor insisted on talking to him, it was an inconvenience and he would ask for another few percentage points off on the deal. It was awesome. At one point, I’d asked for a 93% discount, the vendor escalated and then missed the call. We ended up with a 98% discount and that included hardware. It was a beautiful thing.
Don’t worry Anonymous, your identity is safe with us.