Rich here.
Two weeks ago I got to experience something that wasn’t on the bucket list because it was so over the top I lacked the creativity to even think of putting it on the bucket list.
I’ve been a cycling fan for a while now. Not only is it one of the three disciplines of triathlon, but I quite enjoy cycling for its own sake. As with tri, it’s one of the only sports out there where you can not only do what the pros do, but sometimes participate in the same events with them. You might run into a pro football player at a bar or restaurant, but it isn’t uncommon to see a pro rider, runner, or triathlete riding the same Sunday route as you, or even setting up in the same start/transition area for a race.
Earlier this year Barracuda networks started sponsoring the Garmin-Sliptream team (for a short time it was Garmin-Barracuda, and now it’s Garmin-Sharp-Barracuda). I made a joke to @petermanmc about needing analyst support for the Tour de France, and something like 6 months later I found myself flying out to France for a speaking gig… and a little bike riding. 
I won’t go into the details of what I did outside the speaking part, but suffice it to say I got a fair bit of road time and caught the ends of a few stages. It was an unbelievable experience that even the Barracuda folks (especially a fellow cyclist from the Cuda exec team) didn’t expect.
One of the bonuses was getting to meet some of the team and the directors. It really showed me what it takes to play at the absolute top of the game in one of the most popular sports on the planet (the TdF is the single biggest annual sporting event).
For example, during a dinner after the race about half the team was also lined up for the Olympics. We heard the Sky team (mostly UK riders) all hopped on a plane mere hours after winning the Tour so they could continue training. None of the Garmin riders competing in the Olympics had as much as a single celebratory drink as far as I could tell. After three weeks of racing some of the hardest rides out there, they didn’t really take one night off.
Earlier in the day, watching the finish to the Tour, I was talking with one of the development team riders who is likely to move up to the full pro team soon.
Me: “Have you ever seen the Tour before?” Him: “Nope, it’s my first time. Pretty awesome.” Me: “Does it inspire you to train harder?” Him: “No. I always train harder.”
That was right up there with one of the pros who told me he doesn’t understand all the attention the Tour gets. To him, it’s just another race on the schedule. “We’ll be riding these same stages in a few months and no one will be out there”.
That’s the difference between those at the top of the game, and those who wonder why they can’t move up. It doesn’t matter if it’s security, cycling, or whatever else you are into. Only those with a fusion reactor of internal motivation, mixed with a helping of natural talent, topped off with countless hours of effective training and practice, have any chance of winning. And trust me, there are always winners and losers.
I’d like to think I’m as good at my job as those cyclists are at theirs. Maybe I am, maybe I’m not, but the day I start thinking I get to do things like snag a speaking gig at the Tour de France because of who I am or where I work, rather than how well I do what I do, is the day someone else gets to go.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Rich presented at Black Hat and Defcon, but we have otherwise been out of the media.
Favorite Securosis Posts
- Mike Rothman: New Series: Pragmatic WAF Management. WAFs have a bad name, but it’s not entirely due to the technology. Adrian and I will be doing a series over the next couple weeks to dig into a more effective operational process for managing your WAF. PCI says buy it, so you may as well get the most value out of the device, right?
- Adrian Lane: Earning Quadrant Leadership. What a great post. Do you have any idea how often vendors and customers ask us this question?
- Rich: Pragmatic WAF Management: the Trouble with WAF. Ah, WAF.
Other Securosis Posts
- Endpoint Security Management Buyers Guide: the ESM Lifecycle.
- Endpoint Security Management Buyer’s Guide: The Business Impact of Managing Endpoints.
- Incite 8/1/2012: Media Angst.
- Incite 7/25/2012: Detox.
- Incite 7/18/2012: 21 Days.
- Proxies –Meet the ‘Agents’ of Cloud Computing.
- Heading out to Black Hat 2012!
- FireStarter: We Need a New Definition of Dead.
- Takeaways from Cloud Identity Summit.
Favorite Outside Posts
- Adrian Lane: Tagging and Tracking Espionage Botnets. I’m fascinated by botnets – both because of the solid architectures they employ as well as plenty of clever secure coding. I wish mainstream software development was as good.
- Mike Rothman: Q2 Earnings Call Transcripts. I’m a sucker for the quarterly earnings calls. Seeking Alpha provides transcripts, which can be pretty enlightening for understanding what’s going on with a company. Check out a sampling from Check Point, Fortinet, Symantec, SolarWinds, and Sourcefire.
- Pepper: The Power Strip That Lets You Snoop On An Entire Network. I want one!
- Adrian Lane: Top Ten Black Hat Pick Up Lines. OK, not really security per se, but it was funny. And we need more humor in security. TSA jokes only go so far.
- Mike Rothman: Lessons Netflix Learned from the AWS Storm. You can learn from someone else, or you can learn the hard way (through painful personal experience). I prefer the former. Go figure. It’s truly a huge gift that companies like Netflix air their dirty laundry about what goes wrong and what they’ll do to make sure it doesn’t happen again. Crap, this post itself is worth the $7 a month I pay them.
- Rich: OAuth 2.0 and the road to hell. This stinks. OAuth needs to be nice and easy. We don’t need another SAML.
Research Reports and Presentations
- Evolving Endpoint Malware Detection: Dealing with Advanced and Targeted Attacks.
- Implementing and Managing a Data Loss Prevention Solution.
- Defending Data on iOS.
- Malware Analysis Quant Report.
- Report: Understanding and Selecting a Database Security Platform.
- Vulnerability Management Evolution: From Tactical Scanner to Strategic Platform.
- Watching the Watchers: Guarding the Keys to the Kingdom.
Top News and Posts
- Global Payments says breach will cost $85 million.
- Latest Visa Fraud. This one is good – since attackers already have most of what they need.
- Payment Terminals Pwned in Vegas.
- Tagging and Tracking Espionage Botnets via Krebs.
- Charlie Miller and NFC.
- Millions of Mobile Phone Users’ Data Leaked in South Korea Scam.
- Former NSA Official Disputes Claims by NSA Chief. They track – regardless of semantics.
- Journalist Twitter Account Suspended. Not security but interesting.
- Mom Arrested for Hacking School Computer, Changing Grades. Good thing this criminal mastermind was thwarted.
- Canadian banks rushing to offer virtual wallets. In other news, Canadian banks are rushing to endpoint security solutions in three … two … one …
- Millions of gaming passwords, email addresses released online.
- 88 Oracle Security Patches Drop Just In Time For Black Hat.
- Judge OKs Nudity at TSA Checkpoint. The downside is that none of us want to see nude TSA personnel.
- ‘Grum’ unplugged.
- Black Hat email faux pas. “Never attribute to malice that which is adequately explained by stupidity”.
- Eight Million Email Addresses And Passwords Spilled From Gaming Site Gamigo.
Blog Comment of the Week
Remember, for every comment selected, Securosis makes a $25 donation to Hackers for Charity. This week’s best comment goes to Alan, in response to Incite 8/1/2012: Media Angst.
We are waiting for someone to push the blond interviewer who appears after every swimming event into the pool. Now, that would be a gold medal performance!
I think we all know who he is referring to, even if you didn’t read the post.
Comments